Code Coverage for /data/phpBB/includes/acp/auth.php

	Code Coverage
	Classes and Traits			Functions and Methods				Lines
Total	0.00% covered (danger)	0.00%	0 / 1	7.69% covered (danger)	7.69%	1 / 13	CRAP	10.14% covered (danger)	10.14%	78 / 769
auth_admin	0.00% covered (danger)	0.00%	0 / 1	7.69% covered (danger)	7.69%	1 / 13	41989.03	9.92% covered (danger)	9.92%	76 / 766
__construct				100.00% covered (success)	100.00%	1 / 1	5	100.00% covered (success)	100.00%	24 / 24
get_mask				0.00% covered (danger)	0.00%	0 / 1	1260	0.00% covered (danger)	0.00%	0 / 68
anonymous function				0.00% covered (danger)	0.00%	0 / 1	2	0.00% covered (danger)	0.00%	0 / 2
get_role_mask				0.00% covered (danger)	0.00%	0 / 1	12	0.00% covered (danger)	0.00%	0 / 19
display_mask				0.00% covered (danger)	0.00%	0 / 1	6480	0.00% covered (danger)	0.00%	0 / 233
display_role_mask				0.00% covered (danger)	0.00%	0 / 1	156	0.00% covered (danger)	0.00%	0 / 53
acl_add_option				0.00% covered (danger)	0.00%	0 / 1	20.16	85.25% covered (warning)	85.25%	52 / 61
acl_set				0.00% covered (danger)	0.00%	0 / 1	380	0.00% covered (danger)	0.00%	0 / 82
acl_set_role				0.00% covered (danger)	0.00%	0 / 1	90	0.00% covered (danger)	0.00%	0 / 38
acl_delete				0.00% covered (danger)	0.00%	0 / 1	306	0.00% covered (danger)	0.00%	0 / 66
assign_cat_array				0.00% covered (danger)	0.00%	0 / 1	600	0.00% covered (danger)	0.00%	0 / 46
build_permission_array				0.00% covered (danger)	0.00%	0 / 1	110	0.00% covered (danger)	0.00%	0 / 34
ghost_permissions				0.00% covered (danger)	0.00%	0 / 1	30	0.00% covered (danger)	0.00%	0 / 21

1	<?php
2	/**
3	*
4	* This file is part of the phpBB Forum Software package.
5	*
6	* @copyright (c) phpBB Limited <https://www.phpbb.com>
7	* @license GNU General Public License, version 2 (GPL-2.0)
8	*
9	* For full copyright and license information, please see
10	* the docs/CREDITS.txt file.
11	*
12	*/
13
14	/**
15	* @ignore
16	*/
17	if (!defined('IN_PHPBB'))
18	{
19	exit;
20	}
21
22	/**
23	* ACP Permission/Auth class
24	*/
25	class auth_admin extends \phpbb\auth\auth
26	{
27	/**
28	* Init auth settings
29	*/
30	function __construct()
31	{
32	global $db, $cache;
33
34	if (($this->acl_options = $cache->get('_acl_options')) === false)
35	{
36	$sql = 'SELECT auth_option_id, auth_option, is_global, is_local
37	FROM ' . ACL_OPTIONS_TABLE . '
38	ORDER BY auth_option_id';
39	$result = $db->sql_query($sql);
40
41	$global = $local = 0;
42	$this->acl_options = array();
43	while ($row = $db->sql_fetchrow($result))
44	{
45	if ($row['is_global'])
46	{
47	$this->acl_options['global'][$row['auth_option']] = $global++;
48	}
49
50	if ($row['is_local'])
51	{
52	$this->acl_options['local'][$row['auth_option']] = $local++;
53	}
54
55	$this->acl_options['id'][$row['auth_option']] = (int) $row['auth_option_id'];
56	$this->acl_options['option'][(int) $row['auth_option_id']] = $row['auth_option'];
57	}
58	$db->sql_freeresult($result);
59
60	$cache->put('_acl_options', $this->acl_options);
61	}
62	}
63
64	/**
65	* Get permission mask
66	* This function only supports getting permissions of one type (for example a_)
67	*
68	* @param set\|view $mode defines the permissions we get, view gets effective permissions (checking user AND group permissions), set only gets the user or group permission set alone
69	* @param mixed $user_id user ids to search for (a user_id or a group_id has to be specified at least)
70	* @param mixed $group_id group ids to search for, return group related settings (a user_id or a group_id has to be specified at least)
71	* @param mixed $forum_id forum_ids to search for. Defining a forum id also means getting local settings
72	* @param string $auth_option the auth_option defines the permission setting to look for (a_ for example)
73	* @param local\|global $scope the scope defines the permission scope. If local, a forum_id is additionally required
74	* @param ACL_NEVER\|ACL_NO\|ACL_YES $acl_fill defines the mode those permissions not set are getting filled with
75	*/
76	function get_mask($mode, $user_id = false, $group_id = false, $forum_id = false, $auth_option = false, $scope = false, $acl_fill = ACL_NEVER)
77	{
78	global $db, $user;
79
80	$hold_ary = array();
81	$view_user_mask = ($mode == 'view' && $group_id === false) ? true : false;
82
83	if ($auth_option === false \|\| $scope === false)
84	{
85	return array();
86	}
87
88	$acl_user_function = ($mode == 'set') ? 'acl_user_raw_data' : 'acl_raw_data';
89
90	if (!$view_user_mask)
91	{
92	if ($forum_id !== false)
93	{
94	$hold_ary = ($group_id !== false) ? $this->acl_group_raw_data($group_id, $auth_option . '%', $forum_id) : $this->$acl_user_function($user_id, $auth_option . '%', $forum_id);
95	}
96	else
97	{
98	$hold_ary = ($group_id !== false) ? $this->acl_group_raw_data($group_id, $auth_option . '%', ($scope == 'global') ? 0 : false) : $this->$acl_user_function($user_id, $auth_option . '%', ($scope == 'global') ? 0 : false);
99	}
100	}
101
102	// Make sure hold_ary is filled with every setting (prevents missing forums/users/groups)
103	$ug_id = ($group_id !== false) ? ((!is_array($group_id)) ? array($group_id) : $group_id) : ((!is_array($user_id)) ? array($user_id) : $user_id);
104	$forum_ids = ($forum_id !== false) ? ((!is_array($forum_id)) ? array($forum_id) : $forum_id) : (($scope == 'global') ? array(0) : array());
105
106	// Only those options we need
107	$compare_options = array_diff(preg_replace('/^((?!' . $auth_option . ').+)\|(' . $auth_option . ')$/', '', array_keys($this->acl_options[$scope])), array(''));
108
109	// If forum_ids is false and the scope is local we actually want to have all forums within the array
110	if ($scope == 'local' && !count($forum_ids))
111	{
112	$sql = 'SELECT forum_id
113	FROM ' . FORUMS_TABLE;
114	$result = $db->sql_query($sql, 120);
115
116	while ($row = $db->sql_fetchrow($result))
117	{
118	$forum_ids[] = (int) $row['forum_id'];
119	}
120	$db->sql_freeresult($result);
121	}
122
123	if ($view_user_mask)
124	{
125	$auth2 = null;
126
127	$sql = 'SELECT user_id, user_permissions, user_type
128	FROM ' . USERS_TABLE . '
129	WHERE ' . $db->sql_in_set('user_id', $ug_id);
130	$result = $db->sql_query($sql);
131
132	while ($userdata = $db->sql_fetchrow($result))
133	{
134	if ($user->data['user_id'] != $userdata['user_id'])
135	{
136	$auth2 = new \phpbb\auth\auth();
137	$auth2->acl($userdata);
138	}
139	else
140	{
141	global $auth;
142	$auth2 = &$auth;
143	}
144
145	$hold_ary[$userdata['user_id']] = array();
146	foreach ($forum_ids as $f_id)
147	{
148	$hold_ary[$userdata['user_id']][$f_id] = array();
149	foreach ($compare_options as $option)
150	{
151	$hold_ary[$userdata['user_id']][$f_id][$option] = $auth2->acl_get($option, $f_id);
152	}
153	}
154	}
155	$db->sql_freeresult($result);
156
157	unset($userdata);
158	unset($auth2);
159	}
160
161	foreach ($ug_id as $_id)
162	{
163	if (!isset($hold_ary[$_id]))
164	{
165	$hold_ary[$_id] = array();
166	}
167
168	foreach ($forum_ids as $f_id)
169	{
170	if (!isset($hold_ary[$_id][$f_id]))
171	{
172	$hold_ary[$_id][$f_id] = array();
173	}
174	}
175	}
176
177	// Now, we need to fill the gaps with $acl_fill. ;)
178
179	// Now switch back to keys
180	if (count($compare_options))
181	{
182	$compare_options = array_combine($compare_options, array_fill(1, count($compare_options), $acl_fill));
183	}
184
185	// Defining the user-function here to save some memory
186	$return_acl_fill = function () use ($acl_fill)
187	{
188	return $acl_fill;
189	};
190
191	// Actually fill the gaps
192	if (count($hold_ary))
193	{
194	foreach ($hold_ary as $ug_id => $row)
195	{
196	foreach ($row as $id => $options)
197	{
198	// Do not include the global auth_option
199	unset($options[$auth_option]);
200
201	// Not a "fine" solution, but at all it's a 1-dimensional
202	// array_diff_key function filling the resulting array values with zeros
203	// The differences get merged into $hold_ary (all permissions having $acl_fill set)
204	$hold_ary[$ug_id][$id] = array_merge($options,
205
206	array_map($return_acl_fill,
207	array_flip(
208	array_diff(
209	array_keys($compare_options), array_keys($options)
210	)
211	)
212	)
213	);
214	}
215	}
216	}
217	else
218	{
219	$hold_ary[($group_id !== false) ? $group_id : $user_id][(int) $forum_id] = $compare_options;
220	}
221
222	return $hold_ary;
223	}
224
225	/**
226	* Get permission mask for roles
227	* This function only supports getting masks for one role
228	*/
229	function get_role_mask($role_id)
230	{
231	global $db;
232
233	$hold_ary = array();
234
235	// Get users having this role set...
236	$sql = 'SELECT user_id, forum_id
237	FROM ' . ACL_USERS_TABLE . '
238	WHERE auth_role_id = ' . $role_id . '
239	ORDER BY forum_id';
240	$result = $db->sql_query($sql);
241
242	while ($row = $db->sql_fetchrow($result))
243	{
244	$hold_ary[$row['forum_id']]['users'][] = $row['user_id'];
245	}
246	$db->sql_freeresult($result);
247
248	// Now grab groups...
249	$sql = 'SELECT group_id, forum_id
250	FROM ' . ACL_GROUPS_TABLE . '
251	WHERE auth_role_id = ' . $role_id . '
252	ORDER BY forum_id';
253	$result = $db->sql_query($sql);
254
255	while ($row = $db->sql_fetchrow($result))
256	{
257	$hold_ary[$row['forum_id']]['groups'][] = $row['group_id'];
258	}
259	$db->sql_freeresult($result);
260
261	return $hold_ary;
262	}
263
264	/**
265	* Display permission mask (assign to template)
266	*/
267	function display_mask($mode, $permission_type, &$hold_ary, $user_mode = 'user', $local = false, $group_display = true)
268	{
269	global $template, $user, $db, $phpbb_container;
270
271	/* @var $phpbb_permissions \phpbb\permissions */
272	$phpbb_permissions = $phpbb_container->get('acl.permissions');
273
274	/** @var \phpbb\group\helper $group_helper */
275	$group_helper = $phpbb_container->get('group_helper');
276
277	// Define names for template loops, might be able to be set
278	$tpl_pmask = 'p_mask';
279	$tpl_fmask = 'f_mask';
280	$tpl_category = 'category';
281	$tpl_mask = 'mask';
282
283	$l_acl_type = $phpbb_permissions->get_type_lang($permission_type, (($local) ? 'local' : 'global'));
284
285	// Allow trace for viewing permissions and in user mode
286	$show_trace = ($mode == 'view' && $user_mode == 'user') ? true : false;
287
288	// Get names
289	if ($user_mode == 'user')
290	{
291	$sql = 'SELECT user_id as ug_id, username as ug_name
292	FROM ' . USERS_TABLE . '
293	WHERE ' . $db->sql_in_set('user_id', array_keys($hold_ary)) . '
294	ORDER BY username_clean ASC';
295	}
296	else
297	{
298	$sql = 'SELECT group_id as ug_id, group_name as ug_name, group_type
299	FROM ' . GROUPS_TABLE . '
300	WHERE ' . $db->sql_in_set('group_id', array_keys($hold_ary)) . '
301	ORDER BY group_type DESC, group_name ASC';
302	}
303	$result = $db->sql_query($sql);
304
305	$ug_names_ary = array();
306	while ($row = $db->sql_fetchrow($result))
307	{
308	$ug_names_ary[$row['ug_id']] = ($user_mode == 'user') ? $row['ug_name'] : $group_helper->get_name($row['ug_name']);
309	}
310	$db->sql_freeresult($result);
311
312	// Get used forums
313	$forum_ids = array();
314	foreach ($hold_ary as $ug_id => $row)
315	{
316	$forum_ids = array_merge($forum_ids, array_keys($row));
317	}
318	$forum_ids = array_unique($forum_ids);
319
320	$forum_names_ary = array();
321	if ($local)
322	{
323	$forum_names_ary = make_forum_select(false, false, true, false, false, false, true);
324
325	// Remove the disabled ones, since we do not create an option field here...
326	foreach ($forum_names_ary as $key => $value)
327	{
328	if (!$value['disabled'])
329	{
330	continue;
331	}
332	unset($forum_names_ary[$key]);
333	}
334	}
335	else
336	{
337	$forum_names_ary[0] = $l_acl_type;
338	}
339
340	// Get available roles
341	$sql = 'SELECT *
342	FROM ' . ACL_ROLES_TABLE . "
343	WHERE role_type = '" . $db->sql_escape($permission_type) . "'
344	ORDER BY role_order ASC";
345	$result = $db->sql_query($sql);
346
347	$roles = array();
348	while ($row = $db->sql_fetchrow($result))
349	{
350	$roles[$row['role_id']] = $row;
351	}
352	$db->sql_freeresult($result);
353
354	$cur_roles = $this->acl_role_data($user_mode, $permission_type, array_keys($hold_ary));
355
356	// Build js roles array (role data assignments)
357	$s_role_js_array = '';
358
359	if (count($roles))
360	{
361	$s_role_js_array = array();
362
363	// Make sure every role (even if empty) has its array defined
364	foreach ($roles as $_role_id => $null)
365	{
366	$s_role_js_array[$_role_id] = "\n" . 'role_options[' . $_role_id . '] = new Array();' . "\n";
367	}
368
369	$sql = 'SELECT r.role_id, o.auth_option, r.auth_setting
370	FROM ' . ACL_ROLES_DATA_TABLE . ' r, ' . ACL_OPTIONS_TABLE . ' o
371	WHERE o.auth_option_id = r.auth_option_id
372	AND ' . $db->sql_in_set('r.role_id', array_keys($roles));
373	$result = $db->sql_query($sql);
374
375	while ($row = $db->sql_fetchrow($result))
376	{
377	$flag = substr($row['auth_option'], 0, strpos($row['auth_option'], '_') + 1);
378	if ($flag == $row['auth_option'])
379	{
380	continue;
381	}
382
383	$s_role_js_array[$row['role_id']] .= 'role_options[' . $row['role_id'] . '][\'' . addslashes($row['auth_option']) . '\'] = ' . $row['auth_setting'] . '; ';
384	}
385	$db->sql_freeresult($result);
386
387	$s_role_js_array = implode('', $s_role_js_array);
388	}
389
390	$template->assign_var('S_ROLE_JS_ARRAY', $s_role_js_array);
391	unset($s_role_js_array);
392
393	// Now obtain memberships
394	$user_groups_default = $user_groups_custom = array();
395	if ($user_mode == 'user' && $group_display)
396	{
397	$sql = 'SELECT group_id, group_name, group_type
398	FROM ' . GROUPS_TABLE . '
399	ORDER BY group_type DESC, group_name ASC';
400	$result = $db->sql_query($sql);
401
402	$groups = array();
403	while ($row = $db->sql_fetchrow($result))
404	{
405	$groups[$row['group_id']] = $row;
406	}
407	$db->sql_freeresult($result);
408
409	$memberships = group_memberships(false, array_keys($hold_ary), false);
410
411	// User is not a member of any group? Bad admin, bad bad admin...
412	if ($memberships)
413	{
414	foreach ($memberships as $row)
415	{
416	$user_groups_default[$row['user_id']][] = $group_helper->get_name($groups[$row['group_id']]['group_name']);
417	}
418	}
419	unset($memberships, $groups);
420	}
421
422	// If we only have one forum id to display or being in local mode and more than one user/group to display,
423	// we switch the complete interface to group by user/usergroup instead of grouping by forum
424	// To achieve this, we need to switch the array a bit
425	if (count($forum_ids) == 1 \|\| ($local && count($ug_names_ary) > 1))
426	{
427	$hold_ary_temp = $hold_ary;
428	$hold_ary = array();
429	foreach ($hold_ary_temp as $ug_id => $row)
430	{
431	foreach ($forum_names_ary as $forum_id => $forum_row)
432	{
433	if (isset($row[$forum_id]))
434	{
435	$hold_ary[$forum_id][$ug_id] = $row[$forum_id];
436	}
437	}
438	}
439	unset($hold_ary_temp);
440
441	foreach ($hold_ary as $forum_id => $forum_array)
442	{
443	$content_array = $categories = array();
444	$this->build_permission_array($hold_ary[$forum_id], $content_array, $categories, array_keys($ug_names_ary));
445
446	$template->assign_block_vars($tpl_pmask, array(
447	'NAME' => ($forum_id == 0) ? $forum_names_ary[0] : $forum_names_ary[$forum_id]['forum_name'],
448	'PADDING' => ($forum_id == 0) ? '' : $forum_names_ary[$forum_id]['padding'],
449
450	'CATEGORIES' => implode('</th><th>', $categories),
451
452	'L_ACL_TYPE' => $l_acl_type,
453
454	'S_LOCAL' => ($local) ? true : false,
455	'S_GLOBAL' => (!$local) ? true : false,
456	'S_NUM_CATS' => count($categories),
457	'S_VIEW' => ($mode == 'view') ? true : false,
458	'S_NUM_OBJECTS' => count($content_array),
459	'S_USER_MODE' => ($user_mode == 'user') ? true : false,
460	'S_GROUP_MODE' => ($user_mode == 'group') ? true : false)
461	);
462
463	@reset($content_array);
464	while (list($ug_id, $ug_array) = each($content_array))
465	{
466	// Build role dropdown options
467	$current_role_id = (isset($cur_roles[$ug_id][$forum_id])) ? $cur_roles[$ug_id][$forum_id] : 0;
468
469	$role_options = array();
470
471	$s_role_options = '';
472	$current_role_id = (isset($cur_roles[$ug_id][$forum_id])) ? $cur_roles[$ug_id][$forum_id] : 0;
473
474	@reset($roles);
475	while (list($role_id, $role_row) = each($roles))
476	{
477	$role_description = (!empty($user->lang[$role_row['role_description']])) ? $user->lang[$role_row['role_description']] : nl2br($role_row['role_description']);
478	$role_name = (!empty($user->lang[$role_row['role_name']])) ? $user->lang[$role_row['role_name']] : $role_row['role_name'];
479
480	$title = ($role_description) ? ' title="' . $role_description . '"' : '';
481	$s_role_options .= '<option value="' . $role_id . '"' . (($role_id == $current_role_id) ? ' selected="selected"' : '') . $title . '>' . $role_name . '</option>';
482
483	$role_options[] = array(
484	'ID' => $role_id,
485	'ROLE_NAME' => $role_name,
486	'TITLE' => $role_description,
487	'SELECTED' => $role_id == $current_role_id,
488	);
489	}
490
491	if ($s_role_options)
492	{
493	$s_role_options = '<option value="0"' . ((!$current_role_id) ? ' selected="selected"' : '') . ' title="' . htmlspecialchars($user->lang['NO_ROLE_ASSIGNED_EXPLAIN']) . '">' . $user->lang['NO_ROLE_ASSIGNED'] . '</option>' . $s_role_options;
494	}
495
496	if (!$current_role_id && $mode != 'view')
497	{
498	$s_custom_permissions = false;
499
500	foreach ($ug_array as $key => $value)
501	{
502	if ($value['S_NEVER'] \|\| $value['S_YES'])
503	{
504	$s_custom_permissions = true;
505	break;
506	}
507	}
508	}
509	else
510	{
511	$s_custom_permissions = false;
512	}
513
514	$template->assign_block_vars($tpl_pmask . '.' . $tpl_fmask, array(
515	'NAME' => $ug_names_ary[$ug_id],
516	'UG_ID' => $ug_id,
517	'S_ROLE_OPTIONS' => $s_role_options,
518	'S_CUSTOM' => $s_custom_permissions,
519	'FORUM_ID' => $forum_id,
520	'S_ROLE_ID' => $current_role_id,
521	));
522
523	$template->assign_block_vars_array($tpl_pmask . '.' . $tpl_fmask . '.role_options', $role_options);
524
525	$this->assign_cat_array($ug_array, $tpl_pmask . '.' . $tpl_fmask . '.' . $tpl_category, $tpl_mask, $ug_id, $forum_id, ($mode == 'view'), $show_trace);
526
527	unset($content_array[$ug_id]);
528	}
529
530	unset($hold_ary[$forum_id]);
531	}
532	}
533	else
534	{
535	foreach ($ug_names_ary as $ug_id => $ug_name)
536	{
537	if (!isset($hold_ary[$ug_id]))
538	{
539	continue;
540	}
541
542	$content_array = $categories = array();
543	$this->build_permission_array($hold_ary[$ug_id], $content_array, $categories, array_keys($forum_names_ary));
544
545	$template->assign_block_vars($tpl_pmask, array(
546	'NAME' => $ug_name,
547	'CATEGORIES' => implode('</th><th>', $categories),
548
549	'USER_GROUPS_DEFAULT' => ($user_mode == 'user' && isset($user_groups_default[$ug_id]) && count($user_groups_default[$ug_id])) ? implode($user->lang['COMMA_SEPARATOR'], $user_groups_default[$ug_id]) : '',
550	'USER_GROUPS_CUSTOM' => ($user_mode == 'user' && isset($user_groups_custom[$ug_id]) && count($user_groups_custom[$ug_id])) ? implode($user->lang['COMMA_SEPARATOR'], $user_groups_custom[$ug_id]) : '',
551	'L_ACL_TYPE' => $l_acl_type,
552
553	'S_LOCAL' => ($local) ? true : false,
554	'S_GLOBAL' => (!$local) ? true : false,
555	'S_NUM_CATS' => count($categories),
556	'S_VIEW' => ($mode == 'view') ? true : false,
557	'S_NUM_OBJECTS' => count($content_array),
558	'S_USER_MODE' => ($user_mode == 'user') ? true : false,
559	'S_GROUP_MODE' => ($user_mode == 'group') ? true : false)
560	);
561
562	@reset($content_array);
563	while (list($forum_id, $forum_array) = each($content_array))
564	{
565	// Build role dropdown options
566	$current_role_id = (isset($cur_roles[$ug_id][$forum_id])) ? $cur_roles[$ug_id][$forum_id] : 0;
567
568	$role_options = array();
569
570	$current_role_id = (isset($cur_roles[$ug_id][$forum_id])) ? $cur_roles[$ug_id][$forum_id] : 0;
571	$s_role_options = '';
572
573	@reset($roles);
574	while (list($role_id, $role_row) = each($roles))
575	{
576	$role_description = (!empty($user->lang[$role_row['role_description']])) ? $user->lang[$role_row['role_description']] : nl2br($role_row['role_description']);
577	$role_name = (!empty($user->lang[$role_row['role_name']])) ? $user->lang[$role_row['role_name']] : $role_row['role_name'];
578
579	$title = ($role_description) ? ' title="' . $role_description . '"' : '';
580	$s_role_options .= '<option value="' . $role_id . '"' . (($role_id == $current_role_id) ? ' selected="selected"' : '') . $title . '>' . $role_name . '</option>';
581
582	$role_options[] = array(
583	'ID' => $role_id,
584	'ROLE_NAME' => $role_name,
585	'TITLE' => $role_description,
586	'SELECTED' => $role_id == $current_role_id,
587	);
588	}
589
590	if ($s_role_options)
591	{
592	$s_role_options = '<option value="0"' . ((!$current_role_id) ? ' selected="selected"' : '') . ' title="' . htmlspecialchars($user->lang['NO_ROLE_ASSIGNED_EXPLAIN']) . '">' . $user->lang['NO_ROLE_ASSIGNED'] . '</option>' . $s_role_options;
593	}
594
595	if (!$current_role_id && $mode != 'view')
596	{
597	$s_custom_permissions = false;
598
599	foreach ($forum_array as $key => $value)
600	{
601	if ($value['S_NEVER'] \|\| $value['S_YES'])
602	{
603	$s_custom_permissions = true;
604	break;
605	}
606	}
607	}
608	else
609	{
610	$s_custom_permissions = false;
611	}
612
613	$template->assign_block_vars($tpl_pmask . '.' . $tpl_fmask, array(
614	'NAME' => ($forum_id == 0) ? $forum_names_ary[0] : $forum_names_ary[$forum_id]['forum_name'],
615	'PADDING' => ($forum_id == 0) ? '' : $forum_names_ary[$forum_id]['padding'],
616	'S_CUSTOM' => $s_custom_permissions,
617	'UG_ID' => $ug_id,
618	'S_ROLE_OPTIONS' => $s_role_options,
619	'FORUM_ID' => $forum_id)
620	);
621
622	$template->assign_block_vars_array($tpl_pmask . '.' . $tpl_fmask . '.role_options', $role_options);
623
624	$this->assign_cat_array($forum_array, $tpl_pmask . '.' . $tpl_fmask . '.' . $tpl_category, $tpl_mask, $ug_id, $forum_id, ($mode == 'view'), $show_trace);
625	}
626
627	unset($hold_ary[$ug_id], $ug_names_ary[$ug_id]);
628	}
629	}
630	}
631
632	/**
633	* Display permission mask for roles
634	*/
635	function display_role_mask(&$hold_ary)
636	{
637	global $db, $template, $user, $phpbb_root_path, $phpEx;
638	global $phpbb_container;
639
640	if (!count($hold_ary))
641	{
642	return;
643	}
644
645	/** @var \phpbb\group\helper $group_helper */
646	$group_helper = $phpbb_container->get('group_helper');
647
648	// Get forum names
649	$sql = 'SELECT forum_id, forum_name
650	FROM ' . FORUMS_TABLE . '
651	WHERE ' . $db->sql_in_set('forum_id', array_keys($hold_ary)) . '
652	ORDER BY left_id';
653	$result = $db->sql_query($sql);
654
655	// If the role is used globally, then reflect that
656	$forum_names = (isset($hold_ary[0])) ? array(0 => '') : array();
657	while ($row = $db->sql_fetchrow($result))
658	{
659	$forum_names[$row['forum_id']] = $row['forum_name'];
660	}
661	$db->sql_freeresult($result);
662
663	foreach ($forum_names as $forum_id => $forum_name)
664	{
665	$auth_ary = $hold_ary[$forum_id];
666
667	$template->assign_block_vars('role_mask', array(
668	'NAME' => ($forum_id == 0) ? $user->lang['GLOBAL_MASK'] : $forum_name,
669	'FORUM_ID' => $forum_id)
670	);
671
672	if (isset($auth_ary['users']) && count($auth_ary['users']))
673	{
674	$sql = 'SELECT user_id, username
675	FROM ' . USERS_TABLE . '
676	WHERE ' . $db->sql_in_set('user_id', $auth_ary['users']) . '
677	ORDER BY username_clean ASC';
678	$result = $db->sql_query($sql);
679
680	while ($row = $db->sql_fetchrow($result))
681	{
682	$template->assign_block_vars('role_mask.users', array(
683	'USER_ID' => $row['user_id'],
684	'USERNAME' => get_username_string('username', $row['user_id'], $row['username']),
685	'U_PROFILE' => get_username_string('profile', $row['user_id'], $row['username']),
686	));
687	}
688	$db->sql_freeresult($result);
689	}
690
691	if (isset($auth_ary['groups']) && count($auth_ary['groups']))
692	{
693	$sql = 'SELECT group_id, group_name, group_type
694	FROM ' . GROUPS_TABLE . '
695	WHERE ' . $db->sql_in_set('group_id', $auth_ary['groups']) . '
696	ORDER BY group_type ASC, group_name';
697	$result = $db->sql_query($sql);
698
699	while ($row = $db->sql_fetchrow($result))
700	{
701	$template->assign_block_vars('role_mask.groups', array(
702	'GROUP_ID' => $row['group_id'],
703	'GROUP_NAME' => $group_helper->get_name($row['group_name']),
704	'U_PROFILE' => append_sid("{$phpbb_root_path}memberlist.$phpEx", "mode=group&g={$row['group_id']}"))
705	);
706	}
707	$db->sql_freeresult($result);
708	}
709	}
710	}
711
712	/**
713	* NOTE: this function is not in use atm
714	* Add a new option to the list ... $options is a hash of form ->
715	* $options = array(
716	* 'local' => array('option1', 'option2', ...),
717	* 'global' => array('optionA', 'optionB', ...)
718	* );
719	*/
720	function acl_add_option($options)
721	{
722	global $db, $cache;
723
724	if (!is_array($options))
725	{
726	return false;
727	}
728
729	$cur_options = array();
730
731	// Determine current options
732	$sql = 'SELECT auth_option, is_global, is_local
733	FROM ' . ACL_OPTIONS_TABLE . '
734	ORDER BY auth_option_id';
735	$result = $db->sql_query($sql);
736
737	while ($row = $db->sql_fetchrow($result))
738	{
739	$cur_options[$row['auth_option']] = ($row['is_global'] && $row['is_local']) ? 'both' : (($row['is_global']) ? 'global' : 'local');
740	}
741	$db->sql_freeresult($result);
742
743	// Here we need to insert new options ... this requires discovering whether
744	// an options is global, local or both and whether we need to add an permission
745	// set flag (x_)
746	$new_options = array('local' => array(), 'global' => array());
747
748	foreach ($options as $type => $option_ary)
749	{
750	$option_ary = array_unique($option_ary);
751
752	foreach ($option_ary as $option_value)
753	{
754	$new_options[$type][] = $option_value;
755
756	$flag = substr($option_value, 0, strpos($option_value, '_') + 1);
757
758	if (!in_array($flag, $new_options[$type]))
759	{
760	$new_options[$type][] = $flag;
761	}
762	}
763	}
764	unset($options);
765
766	$options = array();
767	$options['local'] = array_diff($new_options['local'], $new_options['global']);
768	$options['global'] = array_diff($new_options['global'], $new_options['local']);
769	$options['both'] = array_intersect($new_options['local'], $new_options['global']);
770
771	// Now check which options to add/update
772	$add_options = $update_options = array();
773
774	// First local ones...
775	foreach ($options as $type => $option_ary)
776	{
777	foreach ($option_ary as $option)
778	{
779	if (!isset($cur_options[$option]))
780	{
781	$add_options[] = array(
782	'auth_option' => (string) $option,
783	'is_global' => ($type == 'global' \|\| $type == 'both') ? 1 : 0,
784	'is_local' => ($type == 'local' \|\| $type == 'both') ? 1 : 0
785	);
786
787	continue;
788	}
789
790	// Else, update existing entry if it is changed...
791	if ($type === $cur_options[$option])
792	{
793	continue;
794	}
795
796	// New type is always both:
797	// If is now both, we set both.
798	// If it was global the new one is local and we need to set it to both
799	// If it was local the new one is global and we need to set it to both
800	$update_options[] = $option;
801	}
802	}
803
804	if (!empty($add_options))
805	{
806	$db->sql_multi_insert(ACL_OPTIONS_TABLE, $add_options);
807	}
808
809	if (!empty($update_options))
810	{
811	$sql = 'UPDATE ' . ACL_OPTIONS_TABLE . '
812	SET is_global = 1, is_local = 1
813	WHERE ' . $db->sql_in_set('auth_option', $update_options);
814	$db->sql_query($sql);
815	}
816
817	$cache->destroy('_acl_options');
818	$this->acl_clear_prefetch();
819
820	// Because we just changed the options and also purged the options cache, we instantly update/regenerate it for later calls to succeed.
821	$this->acl_options = array();
822	$this->__construct();
823
824	return true;
825	}
826
827	/**
828	* Set a user or group ACL record
829	*/
830	function acl_set($ug_type, $forum_id, $ug_id, $auth, $role_id = 0, $clear_prefetch = true)
831	{
832	global $db;
833
834	// One or more forums
835	if (!is_array($forum_id))
836	{
837	$forum_id = array($forum_id);
838	}
839
840	// One or more users
841	if (!is_array($ug_id))
842	{
843	$ug_id = array($ug_id);
844	}
845
846	$ug_id_sql = $db->sql_in_set($ug_type . '_id', array_map('intval', $ug_id));
847	$forum_sql = $db->sql_in_set('forum_id', array_map('intval', $forum_id));
848
849	// Instead of updating, inserting, removing we just remove all current settings and re-set everything...
850	$table = ($ug_type == 'user') ? ACL_USERS_TABLE : ACL_GROUPS_TABLE;
851	$id_field = $ug_type . '_id';
852
853	// Get any flags as required
854	reset($auth);
855	$flag = key($auth);
856	$flag = substr($flag, 0, strpos($flag, '_') + 1);
857
858	// This ID (the any-flag) is set if one or more permissions are true...
859	$any_option_id = (int) $this->acl_options['id'][$flag];
860
861	// Remove any-flag from auth ary
862	if (isset($auth[$flag]))
863	{
864	unset($auth[$flag]);
865	}
866
867	// Remove current auth options...
868	$auth_option_ids = array((int) $any_option_id);
869	foreach ($auth as $auth_option => $auth_setting)
870	{
871	$auth_option_ids[] = (int) $this->acl_options['id'][$auth_option];
872	}
873
874	$sql = "DELETE FROM $table
875	WHERE $forum_sql
876	AND $ug_id_sql
877	AND " . $db->sql_in_set('auth_option_id', $auth_option_ids);
878	$db->sql_query($sql);
879
880	// Remove those having a role assigned... the correct type of course...
881	$sql = 'SELECT role_id
882	FROM ' . ACL_ROLES_TABLE . "
883	WHERE role_type = '" . $db->sql_escape($flag) . "'";
884	$result = $db->sql_query($sql);
885
886	$role_ids = array();
887	while ($row = $db->sql_fetchrow($result))
888	{
889	$role_ids[] = $row['role_id'];
890	}
891	$db->sql_freeresult($result);
892
893	if (count($role_ids))
894	{
895	$sql = "DELETE FROM $table
896	WHERE $forum_sql
897	AND $ug_id_sql
898	AND auth_option_id = 0
899	AND " . $db->sql_in_set('auth_role_id', $role_ids);
900	$db->sql_query($sql);
901	}
902
903	// Ok, include the any-flag if one or more auth options are set to yes...
904	foreach ($auth as $auth_option => $setting)
905	{
906	if ($setting == ACL_YES && (!isset($auth[$flag]) \|\| $auth[$flag] == ACL_NEVER))
907	{
908	$auth[$flag] = ACL_YES;
909	}
910	}
911
912	$sql_ary = array();
913	foreach ($forum_id as $forum)
914	{
915	$forum = (int) $forum;
916
917	if ($role_id)
918	{
919	foreach ($ug_id as $id)
920	{
921	$sql_ary[] = array(
922	$id_field => (int) $id,
923	'forum_id' => (int) $forum,
924	'auth_option_id' => 0,
925	'auth_setting' => 0,
926	'auth_role_id' => (int) $role_id,
927	);
928	}
929	}
930	else
931	{
932	foreach ($auth as $auth_option => $setting)
933	{
934	$auth_option_id = (int) $this->acl_options['id'][$auth_option];
935
936	if ($setting != ACL_NO)
937	{
938	foreach ($ug_id as $id)
939	{
940	$sql_ary[] = array(
941	$id_field => (int) $id,
942	'forum_id' => (int) $forum,
943	'auth_option_id' => (int) $auth_option_id,
944	'auth_setting' => (int) $setting
945	);
946	}
947	}
948	}
949	}
950	}
951
952	$db->sql_multi_insert($table, $sql_ary);
953
954	if ($clear_prefetch)
955	{
956	$this->acl_clear_prefetch();
957	}
958	}
959
960	/**
961	* Set a role-specific ACL record
962	*/
963	function acl_set_role($role_id, $auth)
964	{
965	global $db;
966
967	// Get any-flag as required
968	reset($auth);
969	$flag = key($auth);
970	$flag = substr($flag, 0, strpos($flag, '_') + 1);
971
972	// Remove any-flag from auth ary
973	if (isset($auth[$flag]))
974	{
975	unset($auth[$flag]);
976	}
977
978	// Re-set any flag...
979	foreach ($auth as $auth_option => $setting)
980	{
981	if ($setting == ACL_YES && (!isset($auth[$flag]) \|\| $auth[$flag] == ACL_NEVER))
982	{
983	$auth[$flag] = ACL_YES;
984	}
985	}
986
987	$sql_ary = array();
988	foreach ($auth as $auth_option => $setting)
989	{
990	$auth_option_id = (int) $this->acl_options['id'][$auth_option];
991
992	if ($setting != ACL_NO)
993	{
994	$sql_ary[] = array(
995	'role_id' => (int) $role_id,
996	'auth_option_id' => (int) $auth_option_id,
997	'auth_setting' => (int) $setting
998	);
999	}
1000	}
1001
1002	// If no data is there, we set the any-flag to ACL_NEVER...
1003	if (!count($sql_ary))
1004	{
1005	$sql_ary[] = array(
1006	'role_id' => (int) $role_id,
1007	'auth_option_id' => (int) $this->acl_options['id'][$flag],
1008	'auth_setting' => ACL_NEVER
1009	);
1010	}
1011
1012	// Remove current auth options...
1013	$sql = 'DELETE FROM ' . ACL_ROLES_DATA_TABLE . '
1014	WHERE role_id = ' . $role_id;
1015	$db->sql_query($sql);
1016
1017	// Now insert the new values
1018	$db->sql_multi_insert(ACL_ROLES_DATA_TABLE, $sql_ary);
1019
1020	$this->acl_clear_prefetch();
1021	}
1022
1023	/**
1024	* Remove local permission
1025	*/
1026	function acl_delete($mode, $ug_id = false, $forum_id = false, $permission_type = false)
1027	{
1028	global $db;
1029
1030	if ($ug_id === false && $forum_id === false)
1031	{
1032	return;
1033	}
1034
1035	$option_id_ary = array();
1036	$table = ($mode == 'user') ? ACL_USERS_TABLE : ACL_GROUPS_TABLE;
1037	$id_field = $mode . '_id';
1038
1039	$where_sql = array();
1040
1041	if ($forum_id !== false)
1042	{
1043	$where_sql[] = (!is_array($forum_id)) ? 'forum_id = ' . (int) $forum_id : $db->sql_in_set('forum_id', array_map('intval', $forum_id));
1044	}
1045
1046	if ($ug_id !== false)
1047	{
1048	$where_sql[] = (!is_array($ug_id)) ? $id_field . ' = ' . (int) $ug_id : $db->sql_in_set($id_field, array_map('intval', $ug_id));
1049	}
1050
1051	// There seem to be auth options involved, therefore we need to go through the list and make sure we capture roles correctly
1052	if ($permission_type !== false)
1053	{
1054	// Get permission type
1055	$sql = 'SELECT auth_option, auth_option_id
1056	FROM ' . ACL_OPTIONS_TABLE . "
1057	WHERE auth_option " . $db->sql_like_expression($permission_type . $db->get_any_char());
1058	$result = $db->sql_query($sql);
1059
1060	$auth_id_ary = array();
1061	while ($row = $db->sql_fetchrow($result))
1062	{
1063	$option_id_ary[] = $row['auth_option_id'];
1064	$auth_id_ary[$row['auth_option']] = ACL_NO;
1065	}
1066	$db->sql_freeresult($result);
1067
1068	// First of all, lets grab the items having roles with the specified auth options assigned
1069	$sql = "SELECT auth_role_id, $id_field, forum_id
1070	FROM $table, " . ACL_ROLES_TABLE . " r
1071	WHERE auth_role_id <> 0
1072	AND auth_role_id = r.role_id
1073	AND r.role_type = '{$permission_type}'
1074	AND " . implode(' AND ', $where_sql) . '
1075	ORDER BY auth_role_id';
1076	$result = $db->sql_query($sql);
1077
1078	$cur_role_auth = array();
1079	while ($row = $db->sql_fetchrow($result))
1080	{
1081	$cur_role_auth[$row['auth_role_id']][$row['forum_id']][] = $row[$id_field];
1082	}
1083	$db->sql_freeresult($result);
1084
1085	// Get role data for resetting data
1086	if (count($cur_role_auth))
1087	{
1088	$sql = 'SELECT ao.auth_option, rd.role_id, rd.auth_setting
1089	FROM ' . ACL_OPTIONS_TABLE . ' ao, ' . ACL_ROLES_DATA_TABLE . ' rd
1090	WHERE ao.auth_option_id = rd.auth_option_id
1091	AND ' . $db->sql_in_set('rd.role_id', array_keys($cur_role_auth));
1092	$result = $db->sql_query($sql);
1093
1094	$auth_settings = array();
1095	while ($row = $db->sql_fetchrow($result))
1096	{
1097	// We need to fill all auth_options, else setting it will fail...
1098	if (!isset($auth_settings[$row['role_id']]))
1099	{
1100	$auth_settings[$row['role_id']] = $auth_id_ary;
1101	}
1102	$auth_settings[$row['role_id']][$row['auth_option']] = $row['auth_setting'];
1103	}
1104	$db->sql_freeresult($result);
1105
1106	// Set the options
1107	foreach ($cur_role_auth as $role_id => $auth_row)
1108	{
1109	foreach ($auth_row as $f_id => $ug_row)
1110	{
1111	$this->acl_set($mode, $f_id, $ug_row, $auth_settings[$role_id], 0, false);
1112	}
1113	}
1114	}
1115	}
1116
1117	// Now, normally remove permissions...
1118	if ($permission_type !== false)
1119	{
1120	$where_sql[] = $db->sql_in_set('auth_option_id', array_map('intval', $option_id_ary));
1121	}
1122
1123	$sql = "DELETE FROM $table
1124	WHERE " . implode(' AND ', $where_sql);
1125	$db->sql_query($sql);
1126
1127	$this->acl_clear_prefetch();
1128	}
1129
1130	/**
1131	* Assign category to template
1132	* used by display_mask()
1133	*/
1134	function assign_cat_array(&$category_array, $tpl_cat, $tpl_mask, $ug_id, $forum_id, $s_view, $show_trace = false)
1135	{
1136	global $template, $phpbb_admin_path, $phpEx, $phpbb_container;
1137
1138	/* @var $phpbb_permissions \phpbb\permissions */
1139	$phpbb_permissions = $phpbb_container->get('acl.permissions');
1140
1141	@reset($category_array);
1142	while (list($cat, $cat_array) = each($category_array))
1143	{
1144	if (!$phpbb_permissions->category_defined($cat))
1145	{
1146	continue;
1147	}
1148
1149	$template->assign_block_vars($tpl_cat, array(
1150	'S_YES' => ($cat_array['S_YES'] && !$cat_array['S_NEVER'] && !$cat_array['S_NO']) ? true : false,
1151	'S_NEVER' => ($cat_array['S_NEVER'] && !$cat_array['S_YES'] && !$cat_array['S_NO']) ? true : false,
1152	'S_NO' => ($cat_array['S_NO'] && !$cat_array['S_NEVER'] && !$cat_array['S_YES']) ? true : false,
1153
1154	'CAT_NAME' => $phpbb_permissions->get_category_lang($cat),
1155	));
1156
1157	/* Sort permissions by name (more naturaly and user friendly than sorting by a primary key)
1158	* Commented out due to it's memory consumption and time needed
1159	*
1160	$key_array = array_intersect(array_keys($user->lang), array_map(create_function('$a', 'return "acl_" . $a;'), array_keys($cat_array['permissions'])));
1161	$values_array = $cat_array['permissions'];
1162
1163	$cat_array['permissions'] = array();
1164
1165	foreach ($key_array as $key)
1166	{
1167	$key = str_replace('acl_', '', $key);
1168	$cat_array['permissions'][$key] = $values_array[$key];
1169	}
1170	unset($key_array, $values_array);
1171	*/
1172	@reset($cat_array['permissions']);
1173	while (list($permission, $allowed) = each($cat_array['permissions']))
1174	{
1175	if (!$phpbb_permissions->permission_defined($permission))
1176	{
1177	continue;
1178	}
1179
1180	if ($s_view)
1181	{
1182	$template->assign_block_vars($tpl_cat . '.' . $tpl_mask, array(
1183	'S_YES' => ($allowed == ACL_YES) ? true : false,
1184	'S_NEVER' => ($allowed == ACL_NEVER) ? true : false,
1185
1186	'UG_ID' => $ug_id,
1187	'FORUM_ID' => $forum_id,
1188	'FIELD_NAME' => $permission,
1189	'S_FIELD_NAME' => 'setting[' . $ug_id . '][' . $forum_id . '][' . $permission . ']',
1190
1191	'U_TRACE' => ($show_trace) ? append_sid("{$phpbb_admin_path}index.$phpEx", "i=permissions&mode=trace&u=$ug_id&f=$forum_id&auth=$permission") : '',
1192	'UA_TRACE' => ($show_trace) ? append_sid("{$phpbb_admin_path}index.$phpEx", "i=permissions&mode=trace&u=$ug_id&f=$forum_id&auth=$permission", false) : '',
1193
1194	'PERMISSION' => $phpbb_permissions->get_permission_lang($permission),
1195	));
1196	}
1197	else
1198	{
1199	$template->assign_block_vars($tpl_cat . '.' . $tpl_mask, array(
1200	'S_YES' => ($allowed == ACL_YES) ? true : false,
1201	'S_NEVER' => ($allowed == ACL_NEVER) ? true : false,
1202	'S_NO' => ($allowed == ACL_NO) ? true : false,
1203
1204	'UG_ID' => $ug_id,
1205	'FORUM_ID' => $forum_id,
1206	'FIELD_NAME' => $permission,
1207	'S_FIELD_NAME' => 'setting[' . $ug_id . '][' . $forum_id . '][' . $permission . ']',
1208
1209	'U_TRACE' => ($show_trace) ? append_sid("{$phpbb_admin_path}index.$phpEx", "i=permissions&mode=trace&u=$ug_id&f=$forum_id&auth=$permission") : '',
1210	'UA_TRACE' => ($show_trace) ? append_sid("{$phpbb_admin_path}index.$phpEx", "i=permissions&mode=trace&u=$ug_id&f=$forum_id&auth=$permission", false) : '',
1211
1212	'PERMISSION' => $phpbb_permissions->get_permission_lang($permission),
1213	));
1214	}
1215	}
1216	}
1217	}
1218
1219	/**
1220	* Building content array from permission rows with explicit key ordering
1221	* used by display_mask()
1222	*/
1223	function build_permission_array(&$permission_row, &$content_array, &$categories, $key_sort_array)
1224	{
1225	global $phpbb_container;
1226
1227	/* @var $phpbb_permissions \phpbb\permissions */
1228	$phpbb_permissions = $phpbb_container->get('acl.permissions');
1229
1230	foreach ($key_sort_array as $forum_id)
1231	{
1232	if (!isset($permission_row[$forum_id]))
1233	{
1234	continue;
1235	}
1236
1237	$permissions = $permission_row[$forum_id];
1238	ksort($permissions);
1239
1240	@reset($permissions);
1241	while (list($permission, $auth_setting) = each($permissions))
1242	{
1243	$cat = $phpbb_permissions->get_permission_category($permission);
1244
1245	// Build our categories array
1246	if (!isset($categories[$cat]))
1247	{
1248	$categories[$cat] = $phpbb_permissions->get_category_lang($cat);
1249	}
1250
1251	// Build our content array
1252	if (!isset($content_array[$forum_id]))
1253	{
1254	$content_array[$forum_id] = array();
1255	}
1256
1257	if (!isset($content_array[$forum_id][$cat]))
1258	{
1259	$content_array[$forum_id][$cat] = array(
1260	'S_YES' => false,
1261	'S_NEVER' => false,
1262	'S_NO' => false,
1263	'permissions' => array(),
1264	);
1265	}
1266
1267	$content_array[$forum_id][$cat]['S_YES'] \|= ($auth_setting == ACL_YES) ? true : false;
1268	$content_array[$forum_id][$cat]['S_NEVER'] \|= ($auth_setting == ACL_NEVER) ? true : false;
1269	$content_array[$forum_id][$cat]['S_NO'] \|= ($auth_setting == ACL_NO) ? true : false;
1270
1271	$content_array[$forum_id][$cat]['permissions'][$permission] = $auth_setting;
1272	}
1273	}
1274	}
1275
1276	/**
1277	* Use permissions from another user. This transferes a permission set from one user to another.
1278	* The other user is always able to revert back to his permission set.
1279	* This function does not check for lower/higher permissions, it is possible for the user to gain
1280	* "more" permissions by this.
1281	* Admin permissions will not be copied.
1282	*/
1283	function ghost_permissions($from_user_id, $to_user_id)
1284	{
1285	global $db;
1286
1287	if ($to_user_id == ANONYMOUS)
1288	{
1289	return false;
1290	}
1291
1292	$hold_ary = $this->acl_raw_data_single_user($from_user_id);
1293
1294	// Key 0 in $hold_ary are global options, all others are forum_ids
1295
1296	// We disallow copying admin permissions
1297	foreach ($this->acl_options['global'] as $opt => $id)
1298	{
1299	if (strpos($opt, 'a_') === 0)
1300	{
1301	$hold_ary[0][$this->acl_options['id'][$opt]] = ACL_NEVER;
1302	}
1303	}
1304
1305	// Force a_switchperm to be allowed
1306	$hold_ary[0][$this->acl_options['id']['a_switchperm']] = ACL_YES;
1307
1308	$user_permissions = $this->build_bitstring($hold_ary);
1309
1310	if (!$user_permissions)
1311	{
1312	return false;
1313	}
1314
1315	$sql = 'UPDATE ' . USERS_TABLE . "
1316	SET user_permissions = '" . $db->sql_escape($user_permissions) . "',
1317	user_perm_from = $from_user_id
1318	WHERE user_id = " . $to_user_id;
1319	$db->sql_query($sql);
1320
1321	return true;
1322	}
1323	}