Code Coverage for /data/phpBB/phpbb/auth/auth.php

	Code Coverage
	Classes and Traits			Functions and Methods				Lines
Total	0.00% covered (danger)	0.00%	0 / 1	10.53% covered (danger)	10.53%	2 / 19	CRAP	18.03% covered (danger)	18.03%	75 / 416
auth	0.00% covered (danger)	0.00%	0 / 1	10.53% covered (danger)	10.53%	2 / 19	19035.66	18.03% covered (danger)	18.03%	75 / 416
acl				0.00% covered (danger)	0.00%	0 / 1	210.00	0.00% covered (danger)	0.00%	0 / 33
obtain_user_data				0.00% covered (danger)	0.00%	0 / 1	2.00	0.00% covered (danger)	0.00%	0 / 7
_fill_acl				0.00% covered (danger)	0.00%	0 / 1	42.00	0.00% covered (danger)	0.00%	0 / 15
acl_get				0.00% covered (danger)	0.00%	0 / 1	19.83	53.85% covered (warning)	53.85%	7 / 13
acl_getf				0.00% covered (danger)	0.00%	0 / 1	176.61	24.14% covered (danger)	24.14%	7 / 29
acl_getf_global				0.00% covered (danger)	0.00%	0 / 1	46.44	28.57% covered (danger)	28.57%	4 / 14
acl_gets				0.00% covered (danger)	0.00%	0 / 1	20.00	0.00% covered (danger)	0.00%	0 / 11
acl_get_list				0.00% covered (danger)	0.00%	0 / 1	90.00	0.00% covered (danger)	0.00%	0 / 10
acl_cache				0.00% covered (danger)	0.00%	0 / 1	30.00	0.00% covered (danger)	0.00%	0 / 15
build_bitstring				0.00% covered (danger)	0.00%	0 / 1	110.00	0.00% covered (danger)	0.00%	0 / 22
acl_clear_prefetch				100.00% covered (success)	100.00%	1 / 1	5	100.00% covered (success)	100.00%	21 / 21
acl_role_data				0.00% covered (danger)	0.00%	0 / 1	72.00	0.00% covered (danger)	0.00%	0 / 15
acl_raw_data				0.00% covered (danger)	0.00%	0 / 1	702.00	0.00% covered (danger)	0.00%	0 / 53
acl_user_raw_data				0.00% covered (danger)	0.00%	0 / 1	110.00	0.00% covered (danger)	0.00%	0 / 23
acl_group_raw_data				100.00% covered (success)	100.00%	1 / 1	11	100.00% covered (success)	100.00%	26 / 26
acl_raw_data_single_user				0.00% covered (danger)	0.00%	0 / 1	132.00	0.00% covered (danger)	0.00%	0 / 31
_set_group_hold_ary				0.00% covered (danger)	0.00%	0 / 1	56.00	0.00% covered (danger)	0.00%	0 / 8
login				0.00% covered (danger)	0.00%	0 / 1	132.00	0.00% covered (danger)	0.00%	0 / 52
build_auth_option_statement				0.00% covered (danger)	0.00%	0 / 1	13.62	55.56% covered (warning)	55.56%	10 / 18

1	<?php
2	/**
3	*
4	* This file is part of the phpBB Forum Software package.
5	*
6	* @copyright (c) phpBB Limited <https://www.phpbb.com>
7	* @license GNU General Public License, version 2 (GPL-2.0)
8	*
9	* For full copyright and license information, please see
10	* the docs/CREDITS.txt file.
11	*
12	*/
13
14	namespace phpbb\auth;
15
16	/**
17	* Permission/Auth class
18	*/
19	class auth
20	{
21	var $acl = array();
22	var $cache = array();
23	var $acl_options = array();
24	var $acl_forum_ids = false;
25
26	/**
27	* Init permissions
28	*/
29	function acl(&$userdata)
30	{
31	global $db, $cache;
32
33	$this->acl = $this->cache = $this->acl_options = array();
34	$this->acl_forum_ids = false;
35
36	if (($this->acl_options = $cache->get('_acl_options')) === false)
37	{
38	$sql = 'SELECT auth_option_id, auth_option, is_global, is_local
39	FROM ' . ACL_OPTIONS_TABLE . '
40	ORDER BY auth_option_id';
41	$result = $db->sql_query($sql);
42
43	$global = $local = 0;
44	$this->acl_options = array();
45	while ($row = $db->sql_fetchrow($result))
46	{
47	if ($row['is_global'])
48	{
49	$this->acl_options['global'][$row['auth_option']] = $global++;
50	}
51
52	if ($row['is_local'])
53	{
54	$this->acl_options['local'][$row['auth_option']] = $local++;
55	}
56
57	$this->acl_options['id'][$row['auth_option']] = (int) $row['auth_option_id'];
58	$this->acl_options['option'][(int) $row['auth_option_id']] = $row['auth_option'];
59	}
60	$db->sql_freeresult($result);
61
62	$cache->put('_acl_options', $this->acl_options);
63	}
64
65	if (!trim($userdata['user_permissions']))
66	{
67	$this->acl_cache($userdata);
68	}
69
70	// Fill ACL array
71	$this->_fill_acl($userdata['user_permissions']);
72
73	// Verify bitstring length with options provided...
74	$renew = false;
75	$global_length = count($this->acl_options['global']);
76	$local_length = count($this->acl_options['local']);
77
78	// Specify comparing length (bitstring is padded to 31 bits)
79	$global_length = ($global_length % 31) ? ($global_length - ($global_length % 31) + 31) : $global_length;
80	$local_length = ($local_length % 31) ? ($local_length - ($local_length % 31) + 31) : $local_length;
81
82	// You thought we are finished now? Noooo... now compare them.
83	foreach ($this->acl as $forum_id => $bitstring)
84	{
85	if (($forum_id && strlen($bitstring) != $local_length) \|\| (!$forum_id && strlen($bitstring) != $global_length))
86	{
87	$renew = true;
88	break;
89	}
90	}
91
92	// If a bitstring within the list does not match the options, we have a user with incorrect permissions set and need to renew them
93	if ($renew)
94	{
95	$this->acl_cache($userdata);
96	$this->_fill_acl($userdata['user_permissions']);
97	}
98
99	return;
100	}
101
102	/**
103	* Retrieves data wanted by acl function from the database for the
104	* specified user.
105	*
106	* @param int $user_id User ID
107	* @return array User attributes
108	*/
109	public function obtain_user_data($user_id)
110	{
111	global $db;
112
113	$sql = 'SELECT user_id, username, user_permissions, user_type
114	FROM ' . USERS_TABLE . '
115	WHERE user_id = ' . $user_id;
116	$result = $db->sql_query($sql);
117	$user_data = $db->sql_fetchrow($result);
118	$db->sql_freeresult($result);
119	return $user_data;
120	}
121
122	/**
123	* Fill ACL array with relevant bitstrings from user_permissions column
124	* @access private
125	*/
126	function _fill_acl($user_permissions)
127	{
128	$seq_cache = array();
129	$this->acl = array();
130	$user_permissions = explode("\n", $user_permissions);
131
132	foreach ($user_permissions as $f => $seq)
133	{
134	if ($seq)
135	{
136	$i = 0;
137
138	if (!isset($this->acl[$f]))
139	{
140	$this->acl[$f] = '';
141	}
142
143	while ($subseq = substr($seq, $i, 6))
144	{
145	if (isset($seq_cache[$subseq]))
146	{
147	$converted = $seq_cache[$subseq];
148	}
149	else
150	{
151	$converted = $seq_cache[$subseq] = str_pad(base_convert($subseq, 36, 2), 31, 0, STR_PAD_LEFT);
152	}
153
154	// We put the original bitstring into the acl array
155	$this->acl[$f] .= $converted;
156	$i += 6;
157	}
158	}
159	}
160	}
161
162	/**
163	* Look up an option
164	* if the option is prefixed with !, then the result becomes negated
165	*
166	* If a forum id is specified the local option will be combined with a global option if one exist.
167	* If a forum id is not specified, only the global option will be checked.
168	*/
169	function acl_get($opt, $f = 0)
170	{
171	$negate = false;
172
173	if (strpos($opt, '!') === 0)
174	{
175	$negate = true;
176	$opt = substr($opt, 1);
177	}
178
179	if (!isset($this->cache[$f][$opt]))
180	{
181	// We combine the global/local option with an OR because some options are global and local.
182	// If the user has the global permission the local one is true too and vice versa
183	$this->cache[$f][$opt] = false;
184
185	// Is this option a global permission setting?
186	if (isset($this->acl_options['global'][$opt]))
187	{
188	if (isset($this->acl[0]))
189	{
190	$this->cache[$f][$opt] = $this->acl[0][$this->acl_options['global'][$opt]];
191	}
192	}
193
194	// Is this option a local permission setting?
195	// But if we check for a global option only, we won't combine the options...
196	if ($f != 0 && isset($this->acl_options['local'][$opt]))
197	{
198	if (isset($this->acl[$f]) && isset($this->acl[$f][$this->acl_options['local'][$opt]]))
199	{
200	$this->cache[$f][$opt] \|= $this->acl[$f][$this->acl_options['local'][$opt]];
201	}
202	}
203	}
204
205	// Founder always has all global options set to true...
206	return ($negate) ? !$this->cache[$f][$opt] : $this->cache[$f][$opt];
207	}
208
209	/**
210	* Get forums with the specified permission setting
211	*
212	* @param string $opt The permission name to lookup. If prefixed with !, the result is negated.
213	* @param bool $clean set to true if only values needs to be returned which are set/unset
214	*
215	* @return array Contains the forum ids with the specified permission set to true.
216	This is a nested array: array => forum_id => permission => true
217	*/
218	function acl_getf($opt, $clean = false)
219	{
220	$acl_f = array();
221	$negate = false;
222
223	if (strpos($opt, '!') === 0)
224	{
225	$negate = true;
226	$opt = substr($opt, 1);
227	}
228
229	// If we retrieve a list of forums not having permissions in, we need to get every forum_id
230	if ($negate)
231	{
232	if ($this->acl_forum_ids === false)
233	{
234	global $db;
235
236	$sql = 'SELECT forum_id
237	FROM ' . FORUMS_TABLE;
238
239	if (count($this->acl))
240	{
241	$sql .= ' WHERE ' . $db->sql_in_set('forum_id', array_keys($this->acl), true);
242	}
243	$result = $db->sql_query($sql);
244
245	$this->acl_forum_ids = array();
246	while ($row = $db->sql_fetchrow($result))
247	{
248	$this->acl_forum_ids[] = $row['forum_id'];
249	}
250	$db->sql_freeresult($result);
251	}
252	}
253
254	if (isset($this->acl_options['local'][$opt]))
255	{
256	foreach ($this->acl as $f => $bitstring)
257	{
258	// Skip global settings
259	if (!$f)
260	{
261	continue;
262	}
263
264	$allowed = (!isset($this->cache[$f][$opt])) ? $this->acl_get($opt, $f) : $this->cache[$f][$opt];
265
266	if (!$clean)
267	{
268	$acl_f[$f][$opt] = ($negate) ? !$allowed : $allowed;
269	}
270	else
271	{
272	if (($negate && !$allowed) \|\| (!$negate && $allowed))
273	{
274	$acl_f[$f][$opt] = 1;
275	}
276	}
277	}
278	}
279
280	// If we get forum_ids not having this permission, we need to fill the remaining parts
281	if ($negate && count($this->acl_forum_ids))
282	{
283	foreach ($this->acl_forum_ids as $f)
284	{
285	$acl_f[$f][$opt] = 1;
286	}
287	}
288
289	return $acl_f;
290	}
291
292	/**
293	* Get local permission state for any forum.
294	*
295	* Returns true if user has the permission in one or more forums, false if in no forum.
296	* If global option is checked it returns the global state (same as acl_get($opt))
297	* Local option has precedence...
298	*/
299	function acl_getf_global($opt)
300	{
301	if (is_array($opt))
302	{
303	// evaluates to true as soon as acl_getf_global is true for one option
304	foreach ($opt as $check_option)
305	{
306	if ($this->acl_getf_global($check_option))
307	{
308	return true;
309	}
310	}
311
312	return false;
313	}
314
315	if (isset($this->acl_options['local'][$opt]))
316	{
317	foreach ($this->acl as $f => $bitstring)
318	{
319	// Skip global settings
320	if (!$f)
321	{
322	continue;
323	}
324
325	// as soon as the user has any permission we're done so return true
326	if ((!isset($this->cache[$f][$opt])) ? $this->acl_get($opt, $f) : $this->cache[$f][$opt])
327	{
328	return true;
329	}
330	}
331	}
332	else if (isset($this->acl_options['global'][$opt]))
333	{
334	return $this->acl_get($opt);
335	}
336
337	return false;
338	}
339
340	/**
341	* Get permission settings (more than one)
342	*/
343	function acl_gets()
344	{
345	$args = func_get_args();
346	$f = array_pop($args);
347
348	if (!is_numeric($f))
349	{
350	$args[] = $f;
351	$f = 0;
352	}
353
354	// alternate syntax: acl_gets(array('m_', 'a_'), $forum_id)
355	if (is_array($args[0]))
356	{
357	$args = $args[0];
358	}
359
360	$acl = 0;
361	foreach ($args as $opt)
362	{
363	$acl \|= $this->acl_get($opt, $f);
364	}
365
366	return $acl;
367	}
368
369	/**
370	* Get permission listing based on user_id/options/forum_ids
371	*
372	* Be careful when using this function with permissions a_, m_, u_ and f_ !
373	* It may not work correctly. When a user group grants an a_* permission,
374	* e.g. a_foo, but the user's a_foo permission is set to "Never", then
375	* the user does not in fact have the a_ permission.
376	* But the user will still be listed as having the a_ permission.
377	*
378	* For more information see: http://tracker.phpbb.com/browse/PHPBB3-10252
379	*/
380	function acl_get_list($user_id = false, $opts = false, $forum_id = false)
381	{
382	if ($user_id !== false && !is_array($user_id) && $opts === false && $forum_id === false)
383	{
384	$hold_ary = array($user_id => $this->acl_raw_data_single_user($user_id));
385	}
386	else
387	{
388	$hold_ary = $this->acl_raw_data($user_id, $opts, $forum_id);
389	}
390
391	$auth_ary = array();
392	foreach ($hold_ary as $user_id => $forum_ary)
393	{
394	foreach ($forum_ary as $forum_id => $auth_option_ary)
395	{
396	foreach ($auth_option_ary as $auth_option => $auth_setting)
397	{
398	if ($auth_setting)
399	{
400	$auth_ary[$forum_id][$auth_option][] = $user_id;
401	}
402	}
403	}
404	}
405
406	return $auth_ary;
407	}
408
409	/**
410	* Cache data to user_permissions row
411	*/
412	function acl_cache(&$userdata)
413	{
414	global $db;
415
416	// Empty user_permissions
417	$userdata['user_permissions'] = '';
418
419	$hold_ary = $this->acl_raw_data_single_user($userdata['user_id']);
420
421	// Key 0 in $hold_ary are global options, all others are forum_ids
422
423	// If this user is founder we're going to force fill the admin options ...
424	if ($userdata['user_type'] == USER_FOUNDER)
425	{
426	foreach ($this->acl_options['global'] as $opt => $id)
427	{
428	if (strpos($opt, 'a_') === 0)
429	{
430	$hold_ary[0][$this->acl_options['id'][$opt]] = ACL_YES;
431	}
432	}
433	}
434
435	$hold_str = $this->build_bitstring($hold_ary);
436
437	if ($hold_str)
438	{
439	$userdata['user_permissions'] = $hold_str;
440
441	$sql = 'UPDATE ' . USERS_TABLE . "
442	SET user_permissions = '" . $db->sql_escape($userdata['user_permissions']) . "',
443	user_perm_from = 0
444	WHERE user_id = " . $userdata['user_id'];
445	$db->sql_query($sql);
446	}
447
448	return;
449	}
450
451	/**
452	* Build bitstring from permission set
453	*/
454	function build_bitstring(&$hold_ary)
455	{
456	$hold_str = '';
457
458	if (count($hold_ary))
459	{
460	ksort($hold_ary);
461
462	$last_f = 0;
463
464	foreach ($hold_ary as $f => $auth_ary)
465	{
466	$ary_key = (!$f) ? 'global' : 'local';
467
468	$bitstring = array();
469	foreach ($this->acl_options[$ary_key] as $opt => $id)
470	{
471	if (isset($auth_ary[$this->acl_options['id'][$opt]]))
472	{
473	$bitstring[$id] = $auth_ary[$this->acl_options['id'][$opt]];
474
475	$option_key = substr($opt, 0, strpos($opt, '_') + 1);
476
477	// If one option is allowed, the global permission for this option has to be allowed too
478	// example: if the user has the a_ permission this means he has one or more a_* permissions
479	if ($auth_ary[$this->acl_options['id'][$opt]] == ACL_YES && (!isset($bitstring[$this->acl_options[$ary_key][$option_key]]) \|\| $bitstring[$this->acl_options[$ary_key][$option_key]] == ACL_NEVER))
480	{
481	$bitstring[$this->acl_options[$ary_key][$option_key]] = ACL_YES;
482	}
483	}
484	else
485	{
486	$bitstring[$id] = ACL_NEVER;
487	}
488	}
489
490	// Now this bitstring defines the permission setting for the current forum $f (or global setting)
491	$bitstring = implode('', $bitstring);
492
493	// The line number indicates the id, therefore we have to add empty lines for those ids not present
494	$hold_str .= str_repeat("\n", $f - $last_f);
495
496	// Convert bitstring for storage - we do not use binary/bytes because PHP's string functions are not fully binary safe
497	for ($i = 0, $bit_length = strlen($bitstring); $i < $bit_length; $i += 31)
498	{
499	$hold_str .= str_pad(base_convert(str_pad(substr($bitstring, $i, 31), 31, 0, STR_PAD_RIGHT), 2, 36), 6, 0, STR_PAD_LEFT);
500	}
501
502	$last_f = $f;
503	}
504	unset($bitstring);
505
506	$hold_str = rtrim($hold_str);
507	}
508
509	return $hold_str;
510	}
511
512	/**
513	* Clear one or all users cached permission settings
514	*/
515	function acl_clear_prefetch($user_id = false)
516	{
517	global $db, $cache, $phpbb_dispatcher;
518
519	// Rebuild options cache
520	$cache->destroy('_role_cache');
521
522	$sql = 'SELECT *
523	FROM ' . ACL_ROLES_DATA_TABLE . '
524	ORDER BY role_id ASC';
525	$result = $db->sql_query($sql);
526
527	$role_cache = array();
528	while ($row = $db->sql_fetchrow($result))
529	{
530	$role_cache[$row['role_id']][$row['auth_option_id']] = (int) $row['auth_setting'];
531	}
532	$db->sql_freeresult($result);
533
534	foreach ($role_cache as $role_id => $role_options)
535	{
536	$role_cache[$role_id] = serialize($role_options);
537	}
538
539	$cache->put('_role_cache', $role_cache);
540
541	// Now empty user permissions
542	$where_sql = '';
543
544	if ($user_id !== false)
545	{
546	$user_id = (!is_array($user_id)) ? $user_id = array((int) $user_id) : array_map('intval', $user_id);
547	$where_sql = ' WHERE ' . $db->sql_in_set('user_id', $user_id);
548	}
549
550	$sql = 'UPDATE ' . USERS_TABLE . "
551	SET user_permissions = '',
552	user_perm_from = 0
553	$where_sql";
554	$db->sql_query($sql);
555
556	/**
557	* Event is triggered after user(s) permission settings cache has been cleared
558	*
559	* @event core.acl_clear_prefetch_after
560	* @var mixed user_id User ID(s)
561	* @since 3.1.11-RC1
562	*/
563	$vars = array('user_id');
564	extract($phpbb_dispatcher->trigger_event('core.acl_clear_prefetch_after', compact($vars)));
565
566	return;
567	}
568
569	/**
570	* Get assigned roles
571	*/
572	function acl_role_data($user_type, $role_type, $ug_id = false, $forum_id = false)
573	{
574	global $db;
575
576	$roles = array();
577
578	$sql_id = ($user_type == 'user') ? 'user_id' : 'group_id';
579
580	$sql_ug = ($ug_id !== false) ? ((!is_array($ug_id)) ? "AND a.$sql_id = $ug_id" : 'AND ' . $db->sql_in_set("a.$sql_id", $ug_id)) : '';
581	$sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? "AND a.forum_id = $forum_id" : 'AND ' . $db->sql_in_set('a.forum_id', $forum_id)) : '';
582
583	// Grab assigned roles...
584	$sql = 'SELECT a.auth_role_id, a.' . $sql_id . ', a.forum_id
585	FROM ' . (($user_type == 'user') ? ACL_USERS_TABLE : ACL_GROUPS_TABLE) . ' a, ' . ACL_ROLES_TABLE . " r
586	WHERE a.auth_role_id = r.role_id
587	AND r.role_type = '" . $db->sql_escape($role_type) . "'
588	$sql_ug
589	$sql_forum
590	ORDER BY r.role_order ASC";
591	$result = $db->sql_query($sql);
592
593	while ($row = $db->sql_fetchrow($result))
594	{
595	$roles[$row[$sql_id]][$row['forum_id']] = $row['auth_role_id'];
596	}
597	$db->sql_freeresult($result);
598
599	return $roles;
600	}
601
602	/**
603	* Get raw acl data based on user/option/forum
604	*/
605	function acl_raw_data($user_id = false, $opts = false, $forum_id = false)
606	{
607	global $db;
608
609	$sql_user = ($user_id !== false) ? ((!is_array($user_id)) ? 'user_id = ' . (int) $user_id : $db->sql_in_set('user_id', array_map('intval', $user_id))) : '';
610	$sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? 'AND a.forum_id = ' . (int) $forum_id : 'AND ' . $db->sql_in_set('a.forum_id', array_map('intval', $forum_id))) : '';
611
612	$sql_opts = $sql_opts_select = $sql_opts_from = '';
613	$hold_ary = array();
614
615	if ($opts !== false)
616	{
617	$sql_opts_select = ', ao.auth_option';
618	$sql_opts_from = ', ' . ACL_OPTIONS_TABLE . ' ao';
619	$this->build_auth_option_statement('ao.auth_option', $opts, $sql_opts);
620	}
621
622	$sql_ary = array();
623
624	// Grab non-role settings - user-specific
625	$sql_ary[] = 'SELECT a.user_id, a.forum_id, a.auth_setting, a.auth_option_id' . $sql_opts_select . '
626	FROM ' . ACL_USERS_TABLE . ' a' . $sql_opts_from . '
627	WHERE a.auth_role_id = 0 ' .
628	(($sql_opts_from) ? 'AND a.auth_option_id = ao.auth_option_id ' : '') .
629	(($sql_user) ? 'AND a.' . $sql_user : '') . "
630	$sql_forum
631	$sql_opts";
632
633	// Now the role settings - user-specific
634	$sql_ary[] = 'SELECT a.user_id, a.forum_id, r.auth_option_id, r.auth_setting, r.auth_option_id' . $sql_opts_select . '
635	FROM ' . ACL_USERS_TABLE . ' a, ' . ACL_ROLES_DATA_TABLE . ' r' . $sql_opts_from . '
636	WHERE a.auth_role_id = r.role_id ' .
637	(($sql_opts_from) ? 'AND r.auth_option_id = ao.auth_option_id ' : '') .
638	(($sql_user) ? 'AND a.' . $sql_user : '') . "
639	$sql_forum
640	$sql_opts";
641
642	foreach ($sql_ary as $sql)
643	{
644	$result = $db->sql_query($sql);
645
646	while ($row = $db->sql_fetchrow($result))
647	{
648	$option = ($sql_opts_select) ? $row['auth_option'] : $this->acl_options['option'][$row['auth_option_id']];
649	$hold_ary[$row['user_id']][$row['forum_id']][$option] = $row['auth_setting'];
650	}
651	$db->sql_freeresult($result);
652	}
653
654	$sql_ary = array();
655
656	// Now grab group settings - non-role specific...
657	$sql_ary[] = 'SELECT ug.user_id, a.forum_id, a.auth_setting, a.auth_option_id' . $sql_opts_select . '
658	FROM ' . ACL_GROUPS_TABLE . ' a, ' . USER_GROUP_TABLE . ' ug, ' . GROUPS_TABLE . ' g' . $sql_opts_from . '
659	WHERE a.auth_role_id = 0 ' .
660	(($sql_opts_from) ? 'AND a.auth_option_id = ao.auth_option_id ' : '') . '
661	AND a.group_id = ug.group_id
662	AND g.group_id = ug.group_id
663	AND ug.user_pending = 0
664	AND NOT (ug.group_leader = 1 AND g.group_skip_auth = 1)
665	' . (($sql_user) ? 'AND ug.' . $sql_user : '') . "
666	$sql_forum
667	$sql_opts";
668
669	// Now grab group settings - role specific...
670	$sql_ary[] = 'SELECT ug.user_id, a.forum_id, r.auth_setting, r.auth_option_id' . $sql_opts_select . '
671	FROM ' . ACL_GROUPS_TABLE . ' a, ' . USER_GROUP_TABLE . ' ug, ' . GROUPS_TABLE . ' g, ' . ACL_ROLES_DATA_TABLE . ' r' . $sql_opts_from . '
672	WHERE a.auth_role_id = r.role_id ' .
673	(($sql_opts_from) ? 'AND r.auth_option_id = ao.auth_option_id ' : '') . '
674	AND a.group_id = ug.group_id
675	AND g.group_id = ug.group_id
676	AND ug.user_pending = 0
677	AND NOT (ug.group_leader = 1 AND g.group_skip_auth = 1)
678	' . (($sql_user) ? 'AND ug.' . $sql_user : '') . "
679	$sql_forum
680	$sql_opts";
681
682	foreach ($sql_ary as $sql)
683	{
684	$result = $db->sql_query($sql);
685
686	while ($row = $db->sql_fetchrow($result))
687	{
688	$option = ($sql_opts_select) ? $row['auth_option'] : $this->acl_options['option'][$row['auth_option_id']];
689
690	if (!isset($hold_ary[$row['user_id']][$row['forum_id']][$option]) \|\| (isset($hold_ary[$row['user_id']][$row['forum_id']][$option]) && $hold_ary[$row['user_id']][$row['forum_id']][$option] != ACL_NEVER))
691	{
692	$hold_ary[$row['user_id']][$row['forum_id']][$option] = $row['auth_setting'];
693
694	// If we detect ACL_NEVER, we will unset the flag option (within building the bitstring it is correctly set again)
695	if ($row['auth_setting'] == ACL_NEVER)
696	{
697	$flag = substr($option, 0, strpos($option, '_') + 1);
698
699	if (isset($hold_ary[$row['user_id']][$row['forum_id']][$flag]) && $hold_ary[$row['user_id']][$row['forum_id']][$flag] == ACL_YES)
700	{
701	unset($hold_ary[$row['user_id']][$row['forum_id']][$flag]);
702
703	/* if (in_array(ACL_YES, $hold_ary[$row['user_id']][$row['forum_id']]))
704	{
705	$hold_ary[$row['user_id']][$row['forum_id']][$flag] = ACL_YES;
706	}
707	*/
708	}
709	}
710	}
711	}
712	$db->sql_freeresult($result);
713	}
714
715	return $hold_ary;
716	}
717
718	/**
719	* Get raw user based permission settings
720	*/
721	function acl_user_raw_data($user_id = false, $opts = false, $forum_id = false)
722	{
723	global $db;
724
725	$sql_user = ($user_id !== false) ? ((!is_array($user_id)) ? 'user_id = ' . (int) $user_id : $db->sql_in_set('user_id', array_map('intval', $user_id))) : '';
726	$sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? 'AND a.forum_id = ' . (int) $forum_id : 'AND ' . $db->sql_in_set('a.forum_id', array_map('intval', $forum_id))) : '';
727
728	$sql_opts = '';
729	$hold_ary = $sql_ary = array();
730
731	if ($opts !== false)
732	{
733	$this->build_auth_option_statement('ao.auth_option', $opts, $sql_opts);
734	}
735
736	// Grab user settings - non-role specific...
737	$sql_ary[] = 'SELECT a.user_id, a.forum_id, a.auth_setting, a.auth_option_id, ao.auth_option
738	FROM ' . ACL_USERS_TABLE . ' a, ' . ACL_OPTIONS_TABLE . ' ao
739	WHERE a.auth_role_id = 0
740	AND a.auth_option_id = ao.auth_option_id ' .
741	(($sql_user) ? 'AND a.' . $sql_user : '') . "
742	$sql_forum
743	$sql_opts
744	ORDER BY a.forum_id, ao.auth_option";
745
746	// Now the role settings - user-specific
747	$sql_ary[] = 'SELECT a.user_id, a.forum_id, r.auth_option_id, r.auth_setting, r.auth_option_id, ao.auth_option
748	FROM ' . ACL_USERS_TABLE . ' a, ' . ACL_ROLES_DATA_TABLE . ' r, ' . ACL_OPTIONS_TABLE . ' ao
749	WHERE a.auth_role_id = r.role_id
750	AND r.auth_option_id = ao.auth_option_id ' .
751	(($sql_user) ? 'AND a.' . $sql_user : '') . "
752	$sql_forum
753	$sql_opts
754	ORDER BY a.forum_id, ao.auth_option";
755
756	foreach ($sql_ary as $sql)
757	{
758	$result = $db->sql_query($sql);
759
760	while ($row = $db->sql_fetchrow($result))
761	{
762	$hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']] = $row['auth_setting'];
763	}
764	$db->sql_freeresult($result);
765	}
766
767	return $hold_ary;
768	}
769
770	/**
771	* Get raw group based permission settings
772	*/
773	function acl_group_raw_data($group_id = false, $opts = false, $forum_id = false)
774	{
775	global $db;
776
777	$sql_group = ($group_id !== false) ? ((!is_array($group_id)) ? 'group_id = ' . (int) $group_id : $db->sql_in_set('group_id', array_map('intval', $group_id))) : '';
778	$sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? 'AND a.forum_id = ' . (int) $forum_id : 'AND ' . $db->sql_in_set('a.forum_id', array_map('intval', $forum_id))) : '';
779	$sql_is_local = !empty($forum_id) ? 'AND ao.is_local <> 0' : '';
780
781	$sql_opts = '';
782	$hold_ary = $sql_ary = array();
783
784	if ($opts !== false)
785	{
786	$this->build_auth_option_statement('ao.auth_option', $opts, $sql_opts);
787	}
788
789	// Grab group settings - non-role specific...
790	$sql_ary[] = 'SELECT a.group_id, a.forum_id, a.auth_setting, a.auth_option_id, ao.auth_option
791	FROM ' . ACL_GROUPS_TABLE . ' a, ' . ACL_OPTIONS_TABLE . " ao
792	WHERE a.auth_role_id = 0
793	AND a.auth_option_id = ao.auth_option_id
794	$sql_is_local " .
795	(($sql_group) ? 'AND a.' . $sql_group : '') . "
796	$sql_forum
797	$sql_opts
798	ORDER BY a.forum_id, ao.auth_option";
799
800	// Now grab group settings - role specific...
801	$sql_ary[] = 'SELECT a.group_id, a.forum_id, r.auth_setting, r.auth_option_id, ao.auth_option
802	FROM ' . ACL_GROUPS_TABLE . ' a, ' . ACL_ROLES_DATA_TABLE . ' r, ' . ACL_OPTIONS_TABLE . " ao
803	WHERE a.auth_role_id = r.role_id
804	$sql_is_local
805	AND r.auth_option_id = ao.auth_option_id " .
806	(($sql_group) ? 'AND a.' . $sql_group : '') . "
807	$sql_forum
808	$sql_opts
809	ORDER BY a.forum_id, ao.auth_option";
810
811	foreach ($sql_ary as $sql)
812	{
813	$result = $db->sql_query($sql);
814
815	while ($row = $db->sql_fetchrow($result))
816	{
817	$hold_ary[$row['group_id']][$row['forum_id']][$row['auth_option']] = $row['auth_setting'];
818	}
819	$db->sql_freeresult($result);
820	}
821
822	return $hold_ary;
823	}
824
825	/**
826	* Get raw acl data based on user for caching user_permissions
827	* This function returns the same data as acl_raw_data(), but without the user id as the first key within the array.
828	*/
829	function acl_raw_data_single_user($user_id)
830	{
831	global $db, $cache;
832
833	// Check if the role-cache is there
834	if (($role_cache = $cache->get('_role_cache')) === false)
835	{
836	$role_cache = array();
837
838	// We pre-fetch roles
839	$sql = 'SELECT *
840	FROM ' . ACL_ROLES_DATA_TABLE . '
841	ORDER BY role_id ASC';
842	$result = $db->sql_query($sql);
843
844	while ($row = $db->sql_fetchrow($result))
845	{
846	$role_cache[$row['role_id']][$row['auth_option_id']] = (int) $row['auth_setting'];
847	}
848	$db->sql_freeresult($result);
849
850	foreach ($role_cache as $role_id => $role_options)
851	{
852	$role_cache[$role_id] = serialize($role_options);
853	}
854
855	$cache->put('_role_cache', $role_cache);
856	}
857
858	$hold_ary = array();
859
860	// Grab user-specific permission settings
861	$sql = 'SELECT forum_id, auth_option_id, auth_role_id, auth_setting
862	FROM ' . ACL_USERS_TABLE . '
863	WHERE user_id = ' . $user_id;
864	$result = $db->sql_query($sql);
865
866	while ($row = $db->sql_fetchrow($result))
867	{
868	// If a role is assigned, assign all options included within this role. Else, only set this one option.
869	if ($row['auth_role_id'])
870	{
871	$hold_ary[$row['forum_id']] = (empty($hold_ary[$row['forum_id']])) ? unserialize($role_cache[$row['auth_role_id']]) : $hold_ary[$row['forum_id']] + unserialize($role_cache[$row['auth_role_id']]);
872	}
873	else
874	{
875	$hold_ary[$row['forum_id']][$row['auth_option_id']] = $row['auth_setting'];
876	}
877	}
878	$db->sql_freeresult($result);
879
880	// Now grab group-specific permission settings
881	$sql = 'SELECT a.forum_id, a.auth_option_id, a.auth_role_id, a.auth_setting
882	FROM ' . ACL_GROUPS_TABLE . ' a, ' . USER_GROUP_TABLE . ' ug, ' . GROUPS_TABLE . ' g
883	WHERE a.group_id = ug.group_id
884	AND g.group_id = ug.group_id
885	AND ug.user_pending = 0
886	AND NOT (ug.group_leader = 1 AND g.group_skip_auth = 1)
887	AND ug.user_id = ' . $user_id;
888	$result = $db->sql_query($sql);
889
890	while ($row = $db->sql_fetchrow($result))
891	{
892	if (!$row['auth_role_id'])
893	{
894	$this->_set_group_hold_ary($hold_ary[$row['forum_id']], $row['auth_option_id'], $row['auth_setting']);
895	}
896	else if (!empty($role_cache[$row['auth_role_id']]))
897	{
898	foreach (unserialize($role_cache[$row['auth_role_id']]) as $option_id => $setting)
899	{
900	$this->_set_group_hold_ary($hold_ary[$row['forum_id']], $option_id, $setting);
901	}
902	}
903	}
904	$db->sql_freeresult($result);
905
906	return $hold_ary;
907	}
908
909	/**
910	* Private function snippet for setting a specific piece of the hold_ary
911	*/
912	function _set_group_hold_ary(&$hold_ary, $option_id, $setting)
913	{
914	if (!isset($hold_ary[$option_id]) \|\| (isset($hold_ary[$option_id]) && $hold_ary[$option_id] != ACL_NEVER))
915	{
916	$hold_ary[$option_id] = $setting;
917
918	// If we detect ACL_NEVER, we will unset the flag option (within building the bitstring it is correctly set again)
919	if ($setting == ACL_NEVER)
920	{
921	$flag = substr($this->acl_options['option'][$option_id], 0, strpos($this->acl_options['option'][$option_id], '_') + 1);
922	$flag = (int) $this->acl_options['id'][$flag];
923
924	if (isset($hold_ary[$flag]) && $hold_ary[$flag] == ACL_YES)
925	{
926	unset($hold_ary[$flag]);
927
928	/* This is uncommented, because i suspect this being slightly wrong due to mixed permission classes being possible
929	if (in_array(ACL_YES, $hold_ary))
930	{
931	$hold_ary[$flag] = ACL_YES;
932	}*/
933	}
934	}
935	}
936	}
937
938	/**
939	* Authentication plug-ins is largely down to Sergey Kanareykin, our thanks to him.
940	*/
941	function login($username, $password, $autologin = false, $viewonline = 1, $admin = 0)
942	{
943	global $db, $user, $phpbb_root_path, $phpEx, $phpbb_container;
944	global $phpbb_dispatcher;
945
946	/* @var $provider_collection \phpbb\auth\provider_collection */
947	$provider_collection = $phpbb_container->get('auth.provider_collection');
948
949	$provider = $provider_collection->get_provider();
950	if ($provider)
951	{
952	$login = $provider->login($username, $password);
953
954	// If the auth module wants us to create an empty profile do so and then treat the status as LOGIN_SUCCESS
955	if ($login['status'] == LOGIN_SUCCESS_CREATE_PROFILE)
956	{
957	// we are going to use the user_add function so include functions_user.php if it wasn't defined yet
958	if (!function_exists('user_add'))
959	{
960	include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
961	}
962
963	user_add($login['user_row'], (isset($login['cp_data'])) ? $login['cp_data'] : false);
964
965	$sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type
966	FROM ' . USERS_TABLE . "
967	WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
968	$result = $db->sql_query($sql);
969	$row = $db->sql_fetchrow($result);
970	$db->sql_freeresult($result);
971
972	if (!$row)
973	{
974	return array(
975	'status' => LOGIN_ERROR_EXTERNAL_AUTH,
976	'error_msg' => 'AUTH_NO_PROFILE_CREATED',
977	'user_row' => array('user_id' => ANONYMOUS),
978	);
979	}
980
981	$login = array(
982	'status' => LOGIN_SUCCESS,
983	'error_msg' => false,
984	'user_row' => $row,
985	);
986	}
987
988	// If the auth provider wants us to link an empty account do so and redirect
989	if ($login['status'] == LOGIN_SUCCESS_LINK_PROFILE)
990	{
991	// If this status exists a fourth field is in the $login array called 'redirect_data'
992	// This data is passed along as GET data to the next page allow the account to be linked
993
994	$params = array('mode' => 'login_link');
995	$url = append_sid($phpbb_root_path . 'ucp.' . $phpEx, array_merge($params, $login['redirect_data']));
996
997	redirect($url);
998	}
999
1000	/**
1001	* Event is triggered after checking for valid username and password, and before the actual session creation.
1002	*
1003	* @event core.auth_login_session_create_before
1004	* @var array login Variable containing login array
1005	* @var bool admin Boolean variable whether user is logging into the ACP
1006	* @var string username Username of user to log in
1007	* @var bool autologin Boolean variable signaling whether login is triggered via auto login
1008	* @since 3.1.7-RC1
1009	*/
1010	$vars = array(
1011	'login',
1012	'admin',
1013	'username',
1014	'autologin',
1015	);
1016	extract($phpbb_dispatcher->trigger_event('core.auth_login_session_create_before', compact($vars)));
1017
1018	// If login succeeded, we will log the user in... else we pass the login array through...
1019	if ($login['status'] == LOGIN_SUCCESS)
1020	{
1021	$old_session_id = $user->session_id;
1022
1023	if ($admin)
1024	{
1025	global $SID, $_SID;
1026
1027	$cookie_expire = time() - 31536000;
1028	$user->set_cookie('u', '', $cookie_expire);
1029	$user->set_cookie('sid', '', $cookie_expire);
1030	unset($cookie_expire);
1031
1032	$SID = '?sid=';
1033	$user->session_id = $_SID = '';
1034	}
1035
1036	$result = $user->session_create($login['user_row']['user_id'], $admin, $autologin, $viewonline);
1037
1038	// Successful session creation
1039	if ($result === true)
1040	{
1041	// If admin re-authentication we remove the old session entry because a new one has been created...
1042	if ($admin)
1043	{
1044	// the login array is used because the user ids do not differ for re-authentication
1045	$sql = 'DELETE FROM ' . SESSIONS_TABLE . "
1046	WHERE session_id = '" . $db->sql_escape($old_session_id) . "'
1047	AND session_user_id = {$login['user_row']['user_id']}";
1048	$db->sql_query($sql);
1049	}
1050
1051	return array(
1052	'status' => LOGIN_SUCCESS,
1053	'error_msg' => false,
1054	'user_row' => $login['user_row'],
1055	);
1056	}
1057
1058	return array(
1059	'status' => LOGIN_BREAK,
1060	'error_msg' => $result,
1061	'user_row' => $login['user_row'],
1062	);
1063	}
1064
1065	return $login;
1066	}
1067
1068	trigger_error('Authentication method not found', E_USER_ERROR);
1069	}
1070
1071	/**
1072	* Fill auth_option statement for later querying based on the supplied options
1073	*/
1074	function build_auth_option_statement($key, $auth_options, &$sql_opts)
1075	{
1076	global $db;
1077
1078	if (!is_array($auth_options))
1079	{
1080	if (strpos($auth_options, '%') !== false)
1081	{
1082	$sql_opts = "AND $key " . $db->sql_like_expression(str_replace('%', $db->get_any_char(), $auth_options));
1083	}
1084	else
1085	{
1086	$sql_opts = "AND $key = '" . $db->sql_escape($auth_options) . "'";
1087	}
1088	}
1089	else
1090	{
1091	$is_like_expression = false;
1092
1093	foreach ($auth_options as $option)
1094	{
1095	if (strpos($option, '%') !== false)
1096	{
1097	$is_like_expression = true;
1098	}
1099	}
1100
1101	if (!$is_like_expression)
1102	{
1103	$sql_opts = 'AND ' . $db->sql_in_set($key, $auth_options);
1104	}
1105	else
1106	{
1107	$sql = array();
1108
1109	foreach ($auth_options as $option)
1110	{
1111	if (strpos($option, '%') !== false)
1112	{
1113	$sql[] = $key . ' ' . $db->sql_like_expression(str_replace('%', $db->get_any_char(), $option));
1114	}
1115	else
1116	{
1117	$sql[] = $key . " = '" . $db->sql_escape($option) . "'";
1118	}
1119	}
1120
1121	$sql_opts = 'AND (' . implode(' OR ', $sql) . ')';
1122	}
1123	}
1124	}
1125	}