Changeset 19

Timestamp:

2007-11-23 12:07:31 (4 years ago)

Author:

hannes

Message:

rights table: renaming 'read' r and 'write' w to avoid escaping problem

Files:

• trunk/admin/classes/pages/Addcategory.php (modified) (2 diffs)
• trunk/admin/classes/pages/Addforum.php (modified) (2 diffs)
• trunk/admin/classes/pages/Banning.php (modified) (2 diffs)
• trunk/admin/classes/pages/Category.php (modified) (1 diff)
• trunk/admin/classes/pages/Deletecategory.php (modified) (2 diffs)
• trunk/admin/classes/pages/Deleteforum.php (modified) (2 diffs)
• trunk/admin/classes/pages/Editmember.php (modified) (2 diffs)
• trunk/admin/classes/pages/Footer.php (modified) (2 diffs)
• trunk/admin/classes/pages/Groups.php (modified) (2 diffs)
• trunk/admin/classes/pages/Header.php (modified) (2 diffs)
• trunk/admin/classes/pages/Memberstages.php (modified) (2 diffs)
• trunk/admin/classes/pages/Moderators.php (modified) (2 diffs)
• trunk/admin/classes/pages/Modifycategory.php (modified) (2 diffs)
• trunk/admin/classes/pages/Modifyforum.php (modified) (2 diffs)
• trunk/admin/classes/pages/Permissions.php (modified) (8 diffs)
• trunk/admin/classes/pages/Settings.php (modified) (2 diffs)
• trunk/admin/redirectors/logout.php (modified) (1 diff)
• trunk/classes/misc/Forumjump.php (modified) (2 diffs)
• trunk/classes/misc/Member.php (modified) (3 diffs)
• trunk/classes/misc/Post.php (modified) (4 diffs)
• trunk/classes/pages/Calendar.php (modified) (1 diff)
• trunk/classes/pages/Category.php (modified) (1 diff)
• trunk/classes/pages/Delete.php (modified) (1 diff)
• trunk/classes/pages/Edit.php (modified) (1 diff)
• trunk/classes/pages/Forum.php (modified) (1 diff)
• trunk/classes/pages/Help.php (modified) (1 diff)
• trunk/classes/pages/Login.php (modified) (1 diff)
• trunk/classes/pages/Lostpassword.php (modified) (2 diffs)
• trunk/classes/pages/Mail.php (modified) (2 diffs)
• trunk/classes/pages/Members.php (modified) (1 diff)
• trunk/classes/pages/Messenger.php (modified) (8 diffs)
• trunk/classes/pages/Moderate.php (modified) (9 diffs)
• trunk/classes/pages/Newpoll.php (modified) (1 diff)
• trunk/classes/pages/Newtopic.php (modified) (1 diff)
• trunk/classes/pages/Page.php (modified) (1 diff)
• trunk/classes/pages/Profile.php (modified) (1 diff)
• trunk/classes/pages/Register.php (modified) (2 diffs)
• trunk/classes/pages/Reply.php (modified) (1 diff)
• trunk/classes/pages/Rules.php (modified) (1 diff)
• trunk/classes/pages/Search.php (modified) (5 diffs)
• trunk/classes/pages/Topic.php (modified) (1 diff)
• trunk/classes/pages/Userpanel.php (modified) (2 diffs)
• trunk/db/data.sql (added)
• trunk/db/spamboard.sql (modified) (3 diffs)
• trunk/includes/login.php (modified) (1 diff)
• trunk/install.php (modified) (3 diffs)
• trunk/redirectors/forumjump.php (modified) (1 diff)
• trunk/redirectors/login.php (modified) (1 diff)
• trunk/redirectors/logout.php (modified) (1 diff)
• trunk/redirectors/markasread.php (modified) (1 diff)
• trunk/redirectors/pollvote.php (modified) (2 diffs)
• trunk/redirectors/postinghelp.php (modified) (1 diff)
• trunk/redirectors/preview.php (modified) (1 diff)
• trunk/redirectors/showip.php (modified) (1 diff)
• trunk/redirectors/uploadavatar.php (modified) (2 diffs)

trunk/admin/classes/pages/Addcategory.php

@@ -40 +40 @@
-        if ($commit == 'y') {
-            // post-commit
-rite
+
-                // get biggest 'order' value
-                $q = $C->prepare('SELECT MAX(category_order) AS neworder FROM ' . $SETTINGS['dbtableprefix'] . 'categories');
@@ -61 +61 @@
-        } else {
-            // pre-commit
-ead
+
-                $form = new Form($F->link('addcategory'));
-                $form->addInput('hidden', 'commit', 'y');

trunk/admin/classes/pages/Addforum.php

@@ -40 +40 @@
-        if ($commit == 'y') {
-            // post-commit
-rite
+
-                // get biggest 'order' value
-                $q = $C->prepare('SELECT MAX(forum_order) FROM ' . $SETTINGS['dbtableprefix'] . 'forums WHERE forum_category = :id');
@@ -63 +63 @@
-        } else {
-            // pre-commit
-ead
+
-                $form = new Form($F->link('addforum'));
-                $form->addInput('hidden', 'commit', 'y');

trunk/admin/classes/pages/Banning.php

@@ -40 +40 @@
-        if ($commit == 'y') {
-            // post-commit
-rite
+
-                // open settings file for write access
-                if ($file = @fopen('../includes/config/bans.php', 'w')) {
@@ -104 +104 @@
-        } else {
-            // pre-commit
-ead
+
-                $form = new Form($F->link('banning'));
-                $form->addInput('hidden', 'commit', 'y');

trunk/admin/classes/pages/Category.php

@@ -37 +37 @@
-        // call parent constructor (general HTML 'skeleton')
-        parent::__construct(TRUE);
-ead
+
-            $div = $this->html->body->addChild('div', str_replace('%membername%', $_SESSION['membername'], $LANG['admin_panel_welcome']));
-            $div->addAttribute('id', 'admin_main');

trunk/admin/classes/pages/Deletecategory.php

@@ -40 +40 @@
-        if ($commit == 'y') {
-            // post-commit
-rite
+
-                if ($newcategory == '0') {
-                    // no moving necessary
@@ -101 +101 @@
-        } else {
-            // pre-commit
-ead
+
-                $this->html->body->addChild('b', $LANG['warning_deleting_category']);
-                $form = new Form($F->link('deletecategory'));

trunk/admin/classes/pages/Deleteforum.php

@@ -40 +40 @@
-        if ($commit == 'y') {
-            // post-commit
-rite
+
-                if ($newcategory != $id) {
-                    if ($newcategory == '0') {
@@ -92 +92 @@
-        } else {
-            // pre-commit
-ead
+
-                $this->html->body->addChild('b', $LANG['warning_deleting_forum']);
-                $form = new Form($F->link('deleteforum'));

trunk/admin/classes/pages/Editmember.php

@@ -46 +46 @@
-        if ($commit == 'y' || $submit == $LANG['Delete']) {
-            // post-commit
-rite
+
-                // check if valid member id
-                $q = $C->prepare('SELECT COUNT(*) FROM ' . $SETTINGS['dbtableprefix'] . 'members WHERE memberid = :id');
@@ -236 +236 @@
-        } else {
-            // pre-commit
-ead
+
-                $form = new Form($F->link('editmember'));
-                $form->createTable('adminform');

trunk/admin/classes/pages/Footer.php

@@ -40 +40 @@
-        if ($commit == 'y') {
-            // post-commit
-rite
+
-                // check if input is well-formed
-                $newheader = trim($newheader);
@@ -67 +67 @@
-        } else {
-            // pre-commit
-ead
+
-                $form = new Form($F->link('footer'));
-                $form->addInput('hidden', 'commit', 'y');

trunk/admin/classes/pages/Groups.php

@@ -45 +45 @@
-        if ($commit == 'y') {
-            // post-commit
-rite
+
-                // go through all existing groups to update them accordingly
-                foreach ($C->query('SELECT * FROM ' . $SETTINGS['dbtableprefix'] . 'usergroups') as $row) {
@@ -96 +96 @@
-        } else {
-            // pre-commit
-ead
+
-                $form = new Form($F->link('groups'));
-                $form->addInput('hidden', 'commit', 'y');

trunk/admin/classes/pages/Header.php

@@ -40 +40 @@
-        if ($commit == 'y') {
-            // post-commit
-rite
+
-                // check if input is well-formed
-                $newheader = trim($newheader);
@@ -67 +67 @@
-        } else {
-            // pre-commit
-ead
+
-                $form = new Form($F->link('header'));
-                $form->addInput('hidden', 'commit', 'y');

trunk/admin/classes/pages/Memberstages.php

@@ -40 +40 @@
-        if ($commit == 'y') {
-            // post-commit
-rite
+
-                // open file for write access
-                if ($file = @fopen('../includes/config/memberstages.php', 'w')) {
@@ -66 +66 @@
-        } else {
-            // pre-commit
-ead
+
-                $form = new Form($F->link('memberstages'));
-                $form->addInput('hidden', 'commit', 'y');

trunk/admin/classes/pages/Moderators.php

@@ -40 +40 @@
-        if ($commit == 'y') {
-            // post-commit
-rite
+
-                $_warnings = '';
-                // go through all forums
@@ -100 +100 @@
-        } else {
-            // pre-commit
-ead
+
-                $form = new Form($F->link('moderators'));
-                $form->addInput('hidden', 'commit', 'y');

trunk/admin/classes/pages/Modifycategory.php

@@ -40 +40 @@
-        if ($commit == 'y') {
-            // post-commit
-rite
+
-                // go through all categories
-                foreach ($C->query('SELECT category_id FROM ' . $SETTINGS['dbtableprefix'] . 'categories') as $row) {
@@ -59 +59 @@
-        } else {
-            // pre-commit
-ead
+
-                $form = new Form($F->link('modifycategory'));
-                $form->addInput('hidden', 'commit', 'y');

trunk/admin/classes/pages/Modifyforum.php

@@ -40 +40 @@
-        if ($commit == 'y') {
-            // post-commit
-rite
+
-                // go through all forums
-                foreach ($C->query('SELECT forumid FROM ' . $SETTINGS['dbtableprefix'] . 'forums') as $row) {
@@ -61 +61 @@
-        } else {
-            // pre-commit
-ead
+
-                $form = new Form($F->link('modifyforum'));
-                $form->addInput('hidden', 'commit', 'y');

trunk/admin/classes/pages/Permissions.php

@@ -51 +51 @@
-        if ($commit == 'y') {
-            // post-commit
-rite
+
-                // check if that group exists
-                $q = $C->prepare('SELECT * FROM ' . $SETTINGS['dbtableprefix'] . 'usergroups WHERE id = :id');
@@ -70 +70 @@
-                        $q3 = NULL;
-                        foreach ($rows3 as $row3) {
-ead, write
+, w
-                            $q4->bindParam(':page', $row3['page'], PDO::PARAM_STR);
-                            $q4->bindParam(':group', $id, PDO::PARAM_INT, 12);
-ead
-rite
+
+
-                            $q4->execute();
-                            $q4 = NULL;
@@ -82 +82 @@
-                            foreach ($C->query('SELECT forumid FROM ' . $SETTINGS['dbtableprefix'] . 'forums') as $row4) {
-                                foreach ($_forum_pages as $_page_stub) {
-ead, write
+, w
-                                    $q5->bindValue(':page', $_page_stub . '=' . $row4['forumid'], PDO::PARAM_STR);
-                                    $q5->bindParam(':group', $id, PDO::PARAM_INT, 12);
@@ -95 +95 @@
-                        // insert the new permissions of this group
-                        foreach ($newpagepermissions as $_page) {
-ead, write
+, w
-                            $q2->bindParam(':page', $_page, PDO::PARAM_STR);
-                            $q2->bindParam(':group', $id, PDO::PARAM_INT, 12);
@@ -127 +127 @@
-        } else {
-            // pre-commit
-ead
+
-                // check if that group exists
-                $q = $C->prepare('SELECT * FROM ' . $SETTINGS['dbtableprefix'] . 'usergroups WHERE id = :id');
@@ -163 +163 @@
-                                    }
-                                    $q2 = NULL;
-ead
+
-                                        // nothing set yet, so 'default deny'
-ead
-rite
+
+
-                                    }
-                                    $_col2 = '<input name="newpageread[' . $_page . ']" type="checkbox"';
-ead
+
-                                        $_col2 .= ' checked="checked"';
-                                    }
-                                    $_col2 .= ' value="1" />';
-                                    $_col3 = '<input name="newpagewrite[' . $_page . ']" type="checkbox"';
-rite
+
-                                        $_col3 .= ' checked="checked"';
-                                    }
@@ -195 +195 @@
-                        }
-                        $q2 = NULL;
-ead
+
-                            // nothing set yet, so 'default deny'
-ead
-rite
+
+
-                        }
-                        $_col2 = '<input name="newpageread[' . $_page . ']" type="checkbox"';
-ead
+
-                            $_col2 .= ' checked="checked"';
-                        }
-                        $_col2 .= ' value="1" />';
-                        $_col3 = '<input name="newpagewrite[' . $_page . ']" type="checkbox"';
-rite
+
-                            $_col3 .= ' checked="checked"';
-                        }
@@ -224 +224 @@
-                            }
-                            $q2 = NULL;
-ead
+
-                                // nothing set yet, so 'default deny'
-ead
-rite
+
+
-                            }
-                            $_col2 = '<input name="newpageread[' . $_page . ']" type="checkbox"';
-ead
+
-                                $_col2 .= ' checked="checked"';
-                            }
-                            $_col2 .= ' value="1" />';
-                            $_col3 = '<input name="newpagewrite[' . $_page . ']" type="checkbox"';
-rite
+
-                                $_col3 .= ' checked="checked"';
-                            }

trunk/admin/classes/pages/Settings.php

@@ -40 +40 @@
-        if ($commit == 'y') {
-            // post-commit
-rite
+
-                // open settings file for write access
-                if ($file = @fopen('../includes/config/settings.php', 'w')) {
@@ -116 +116 @@
-        } else {
-            // pre-commit
-ead
+
-                // show form to change all basic settings
-                $form = new Form($F->link('settings'));

trunk/admin/redirectors/logout.php

@@ -47 +47 @@
-
-// check if user has permission; required: write; independent from id
-rite
+
-    // permission granted
-    // remove authentication flag

trunk/classes/misc/Forumjump.php

@@ -44 +44 @@
-            foreach ($rows as $row) {
-                // offer only categories which the user may read
-ead
+
-                    // set number of forums in this category to zero
-                    $n = 0;
@@ -57 +57 @@
-                        foreach ($rows2 as $row2) {
-                            // offer only forums which the user may read
-ead
+
-                                // increase number of forums
-                                $n++;

trunk/classes/misc/Member.php

@@ -529 +529 @@
-     * Input:       $page   - page the user is trying to access (apart from
-     *                        a few special cases, this is the class name)
-or 'write'
+(r) or 'write' (w)
-     *              $id     - some permissions aren't set globally per page,
-     *                        but depend on the called id in addition
@@ -541 +541 @@
-            if ($_SESSION['memberid'] > 0) {
-                // get member's groups
-=
+ = 
-                $q->bindParam(':id', $_SESSION['memberid'], PDO::PARAM_INT, 12);
-                $q->execute();
@@ -553 +553 @@
-                foreach ($_groups as $key=>$val) {
-                    // check if this member is part of a group which has access to admin panel
-=:group AND read=
+ = :group AND r = 
-                    $q->bindValue(':admin', 'admin/', PDO::PARAM_STR);
-                    $q->bindParam(':group', $val, PDO::PARAM_INT, 12);

trunk/classes/misc/Post.php

@@ -110 +110 @@
-        // check required permissions; required: 'write' on the kind of post (reply, new topic, new poll)
-        if ($show_orig === 'reply') {
-rite
+
-                $ok = 1;
-            } else {
@@ -116 +116 @@
-            }
-        } elseif ($show_orig === 'newtopic') {
-rite
+
-                $ok = 1;
-            } else {
@@ -122 +122 @@
-            }
-        } elseif ($show_orig === 'newpoll') {
-rite
+
-                $ok = 1;
-            } else {
@@ -276 +276 @@
-                            if ($_FILES['attachment']['tmp_name'] != 'none' && $_FILES['attachment']['tmp_name'] != '') {
-                                // guests can't attach files
-rite
+
-                                    // if member
-                                    if (!is_uploaded_file($_FILES['attachment']['tmp_name'])) {

trunk/classes/pages/Calendar.php

@@ -39 +39 @@
-        parent::__construct();
-        // check if user has permission; required: read;
-ead
+
-        if ($_permit) {
-            // get current date

trunk/classes/pages/Category.php

@@ -74 +74 @@
-                /* check if user has permission on this forum;
-                 * required: read; dependent on id */
-ead
+
-                if ($_permit) {
-                    // increase number of permitted forums

trunk/classes/pages/Delete.php

@@ -57 +57 @@
-        parent::__construct();
-        // check if user has permission; required: write; dependent on id
-rite
+
-            // permission granted
-            $this->html->body->addChild('h2', $LANG['Delete_Post']);

trunk/classes/pages/Edit.php

@@ -57 +57 @@
-        parent::__construct();
-        // check if user has permission; required: write; dependent on id
-rite
+
-            // permission granted
-            $this->html->body->addChild('h2', $LANG['Edit_Post']);

trunk/classes/pages/Forum.php

@@ -45 +45 @@
-        parent::__construct();
-        // check if user has permission; required: read; dependent on id
-ead
+
-        if ($_permit) {
-            // get forum name, id etc. to print heading

trunk/classes/pages/Help.php

@@ -40 +40 @@
-        parent::__construct();
-        // check if user has permission; required: read; independent from id
-ead
+
-            // permission granted
-            $this->html->body->addChild('h2', $LANG['Help']);

trunk/classes/pages/Login.php

@@ -40 +40 @@
-        $this->html->body->addChild('h2', $LANG['Login']);
-        // check if user has permission; required: read; independent from id
-ead
+
-            // permission granted
-            // form

trunk/classes/pages/Lostpassword.php

@@ -42 +42 @@
-        if ($GLOBALS['commit'] == 'y') {
-            // check if user has permission; required: write; independent from id
-rite
+
-                // permission granted
-                if (isset($email) && $email != '') {
@@ -71 +71 @@
-        } else {
-            // check if user has permission; required: read; independent from id
-ead
+
-                // permission granted
-                // form

trunk/classes/pages/Mail.php

@@ -44 +44 @@
-        if ($GLOBALS['commit'] == 'y') {
-            // check if user has permission; required: write; independent from id
-rite
+
-                // permission granted
-                // get sender information
@@ -87 +87 @@
-        } else {
-            // check if user has permission; required: read; independent from id
-ead
+
-                // permission granted
-                if ($receipient->getMailHidden() === FALSE) {

trunk/classes/pages/Members.php

@@ -39 +39 @@
-        parent::__construct();
-        // check if user has permission; required: read;
-ead
+
-        if ($_permit) {
-            // default page

trunk/classes/pages/Messenger.php

@@ -70 +70 @@
-                /* check if user has permission;
-                 * required: write; independent from id */
-rite
+
-                    // permission granted
-                    if ($id == 0) {
@@ -125 +125 @@
-                /* check if user has permission;
-                 * required: read; independent from id */
-ead
+
-                    // permission granted
-                    $q = $C->prepare('SELECT addressbook FROM ' . $SETTINGS['dbtableprefix'] . 'members WHERE memberid=:id');
@@ -169 +169 @@
-                /* check if user has permission;
-                 * required: write; independent from id */
-rite
+
-                    // permission granted
-                    // get message
@@ -215 +215 @@
-                /* check if user has permission;
-                 * required: write; independent from id */
-rite
+
-                    // permission granted
-                    // IP banning
@@ -305 +305 @@
-                /* check if user has permission;
-                 * required: write; independent from id */
-rite
+
-                    // permission granted
-                    if (isset($reply) && $reply > 0) {
@@ -338 +338 @@
-                /* check if user has permission;
-                 * required: read; independent from id */
-ead
+
-                    // permission granted
-                    $q = $C->prepare('SELECT messageid, messagereceipient, messagetitle, messagetime FROM ' . $SETTINGS['dbtableprefix'] . 'messages WHERE messagesender=:id AND messagesenderflag > :zero ORDER BY messagetime DESC');
@@ -365 +365 @@
-                /* check if user has permission;
-                 * required: read; independent from id */
-ead
+
-                    // permission granted
-                    $q = $C->prepare('SELECT * FROM ' . $SETTINGS['dbtableprefix'] . 'messages WHERE messageid=:id');
@@ -401 +401 @@
-                /* check if user has permission;
-                 * required: read; independent from id */
-ead
+
-                    // permission granted
-                    $q = $C->prepare('SELECT messageid, messagesender, messagetitle, messagetime, messagereceipientflag FROM ' . $SETTINGS['dbtableprefix'] . 'messages WHERE messagereceipient=:id AND messagereceipientflag > :zero ORDER BY messagetime DESC');

trunk/classes/pages/Moderate.php

@@ -57 +57 @@
-                /* check if user has permission; required: write;
-                 * dependent on id (for topic starter and forum moderator, not for groups which have global rights) */
-rite
+
-                    // permission granted
-                    $this->html->body->addChild('h2', $LANG['Edit_Title']);
@@ -91 +91 @@
-                /* check if user has permission; required: write;
-                 * dependent on id for groups which don't have global rights on this feature (i.e. per-forum moderators) */
-rite
+
-                    // permission granted
-                    $this->html->body->addChild('h2', $LANG['Lock_Topic']);
@@ -111 +111 @@
-                /* check if user has permission; required: write;
-                 * dependent on id (again, OR global rights) */
-rite
+
-                    // permission granted
-                    $this->html->body->addChild('h2', $LANG['Unlock_Topic']);
@@ -131 +131 @@
-                /* check if user has permission; required: write;
-                 * dependent on id (OR global rights) */
-rite
+
-                    // permission granted
-                    $this->html->body->addChild('h2', $LANG['Pin_Topic']);
@@ -151 +151 @@
-                /* check if user has permission; required: write;
-                 * dependent on id (or global rights) */
-rite
+
-                    // permission granted
-                    $this->html->body->addChild('h2', $LANG['Unpin_Topic']);
@@ -171 +171 @@
-                /* check if user has permission; required: write;
-                 * dependent on id (unless global rights apply) */
-rite
+
-                    // permission granted
-                    $this->html->body->addChild('h2', $LANG['Delete_Topic']);
@@ -207 +207 @@
-                /* check if user has permission; required: write;
-                 * independent from id (global rights only) */
-rite
+
-                    // permission granted
-                    $this->html->body->addChild('h2', $LANG['Move_Topic']);
@@ -258 +258 @@
-                /* check if user has permission; required: write;
-                 * dependent on id (unless global rights apply) */
-rite
+
-                    // permission granted
-                    $this->html->body->addChild('h2', $LANG['Merge_Topic']);
@@ -344 +344 @@
-                /* check if user has permission; required: write;
-                 * dependent on id (unless user equipped with global rights) */
-rite
+
-                    // permission granted
-                    $this->html->body->addChild('h2', $LANG['Split_Topic']);

trunk/classes/pages/Newpoll.php

@@ -55 +55 @@
-            // show form
-            // check if user has permission; required: read; dependent on id
-ead
+
-                // permission granted
-                // form

trunk/classes/pages/Newtopic.php

@@ -55 +55 @@
-            // show reply form
-            // check if user has permission; required: read; dependent on id
-ead
+
-                // permission granted
-                // form

trunk/classes/pages/Page.php

@@ -165 +165 @@
-                $_str = '<div><span>' . $LANG['Logged_in_as'] . '</span> <a href="' . $F->link('profile') . 'id=' . $_SESSION['memberid'] . '">' . $_SESSION['membername'] . '</a>';
-                // link to admin panel
-ead
+
-                    $_str .= ' <a href="admin/" target="_blank">' . $LANG['Admin_Panel'] . '</a>';
-                    // maintainance mode

trunk/classes/pages/Profile.php

@@ -42 +42 @@
-        parent::__construct();
-        // check if user has permission; required: read; independent from id
-ead
+
-        if ($_permit) {
-            // start normal output

trunk/classes/pages/Register.php

@@ -42 +42 @@
-        if ($GLOBALS['commit'] == 'y') {
-            // check if user has permission; required: write; independent from id
-rite
+
-                // permission granted
-                if ($auth_code == $_SESSION['pw']) {
@@ -146 +146 @@
-        } else {
-            // check if user has permission; required: read; independent from id
-ead
+
-                // permission granted
-                // generate new session password

trunk/classes/pages/Reply.php

@@ -60 +60 @@
-            // show reply form
-            // check if user has permission; required: read; dependent on id
-ead
+
-                // permission granted
-                // get text to quote (if needed)

trunk/classes/pages/Rules.php

@@ -39 +39 @@
-        parent::__construct();
-        // check if user has permission; required: read; independent from id
-ead
+
-            // permission granted
-            $this->html->body->addChild('h2', $LANG['Rules']);

trunk/classes/pages/Search.php

@@ -40 +40 @@
-        if ($results == 'y') {
-            // check if user has permission; required: write;
-rite
+
-            if ($_permit) {
-                // also check for flood control
@@ -64 +64 @@
-                    foreach ($C->query('SELECT forumid FROM ' . $SETTINGS['dbtableprefix'] . 'forums') as $row) {
-                        // put forum ids for which access is NOT granted into search condition
-ead
+
-                            $_cond .= ' AND t.forum!=' . $row['forumid'];
-                        }
@@ -229 +229 @@
-        } else {
-            // check if user has permission; required: read;
-ead
+
-            if ($_permit) {
-                // header
@@ -248 +248 @@
-                    foreach ($rows as $row) {
-                        // offer only categories which the user may read
-ead
+
-                            // set number of forums in this category to zero
-                            $n = 0;
@@ -262 +262 @@
-                                foreach ($rows2 as $row2) {
-                                    // offer only forums which the user may read
-ead
+
-                                        // increase number of forums
-                                        $n++;

trunk/classes/pages/Topic.php

@@ -53 +53 @@
-        parent::__construct();
-        // check if user has permission on the forum; required: read; dependent on id
-ead
+
-        // if user may see topics in this forum, continue
-        if ($_permit) {

trunk/classes/pages/Userpanel.php

@@ -44 +44 @@
-        if ($GLOBALS['commit'] == 'y') {
-            // check if user has permission; required: write; independent from id
-rite
+
-                // permission granted
-                switch ($action) {
@@ -328 +328 @@
-        } else {
-            // check if user has permission; required: read; independent from id
-ead
+
-                // permission granted
-                switch ($action) {

trunk/db/spamboard.sql

@@ -74 +74 @@
-);
-
-CREATE TABLE %prefix%rights (
-    page VARCHAR(255),
-    usergroup INTEGER,
-    read INTEGER,
-    write INTEGER,
-    PRIMARY KEY (page,usergroup)
-);
-INSERT INTO %prefix%rights VALUES('Profile',1,1,0);
-INSERT INTO %prefix%rights VALUES('Profile',2,1,0);
-INSERT INTO %prefix%rights VALUES('Profile',4,1,0);
-INSERT INTO %prefix%rights VALUES('Profile',5,0,0);
-INSERT INTO %prefix%rights VALUES('admin/',1,1,1);
-INSERT INTO %prefix%rights VALUES('Lostpassword',1,1,1);
-INSERT INTO %prefix%rights VALUES('Lostpassword',2,1,1);
-INSERT INTO %prefix%rights VALUES('Lostpassword',4,1,1);
-INSERT INTO %prefix%rights VALUES('Lostpassword',5,1,1);
-INSERT INTO %prefix%rights VALUES('Login',1,1,1);
-INSERT INTO %prefix%rights VALUES('Login',2,1,1);
-INSERT INTO %prefix%rights VALUES('Login',4,1,1);
-INSERT INTO %prefix%rights VALUES('Login',5,1,1);
-INSERT INTO %prefix%rights VALUES('Calendar',1,1,1);
-INSERT INTO %prefix%rights VALUES('Calendar',2,1,1);
-INSERT INTO %prefix%rights VALUES('Calendar',4,1,1);
-INSERT INTO %prefix%rights VALUES('Calendar',5,1,1);
-INSERT INTO %prefix%rights VALUES('Register',1,1,1);
-INSERT INTO %prefix%rights VALUES('Register',2,1,1);
-INSERT INTO %prefix%rights VALUES('Register',4,1,1);
-INSERT INTO %prefix%rights VALUES('Register',5,1,1);
-INSERT INTO %prefix%rights VALUES('Members',1,1,0);
-INSERT INTO %prefix%rights VALUES('Members',2,1,0);
-INSERT INTO %prefix%rights VALUES('Members',4,1,0);
-INSERT INTO %prefix%rights VALUES('Members',5,1,0);
-INSERT INTO %prefix%rights VALUES('Search',1,1,1);
-INSERT INTO %prefix%rights VALUES('Search',2,1,1);
-INSERT INTO %prefix%rights VALUES('Search',4,1,1);
-INSERT INTO %prefix%rights VALUES('Search',5,1,1);
-INSERT INTO %prefix%rights VALUES('Mail',1,1,1);
-INSERT INTO %prefix%rights VALUES('Mail',2,1,1);
-INSERT INTO %prefix%rights VALUES('Mail',4,1,1);
-INSERT INTO %prefix%rights VALUES('Mail',5,0,0);
-INSERT INTO %prefix%rights VALUES('Attachments',1,1,1);
-INSERT INTO %prefix%rights VALUES('Attachments',2,1,1);
-INSERT INTO %prefix%rights VALUES('Attachments',4,1,1);
-INSERT INTO %prefix%rights VALUES('Attachments',5,0,0);
-INSERT INTO %prefix%rights VALUES('Markasread',1,1,1);
-INSERT INTO %prefix%rights VALUES('Markasread',2,1,1);
-INSERT INTO %prefix%rights VALUES('Markasread',4,1,1);
-INSERT INTO %prefix%rights VALUES('Markasread',5,1,1);
-INSERT INTO %prefix%rights VALUES('Rules',1,1,1);
-INSERT INTO %prefix%rights VALUES('Rules',2,1,1);
-INSERT INTO %prefix%rights VALUES('Rules',4,1,1);
-INSERT INTO %prefix%rights VALUES('Rules',5,1,1);
-INSERT INTO %prefix%rights VALUES('Help',1,1,1);
-INSERT INTO %prefix%rights VALUES('Help',2,1,1);
-INSERT INTO %prefix%rights VALUES('Help',4,1,1);
-INSERT INTO %prefix%rights VALUES('Help',5,1,1);
-INSERT INTO %prefix%rights VALUES('Pollvote',1,1,1);
-INSERT INTO %prefix%rights VALUES('Pollvote',2,1,1);
-INSERT INTO %prefix%rights VALUES('Pollvote',4,1,1);
-INSERT INTO %prefix%rights VALUES('Pollvote',5,1,0);
-INSERT INTO %prefix%rights VALUES('Showip',1,1,1);
-INSERT INTO %prefix%rights VALUES('Showip',2,1,1);
-INSERT INTO %prefix%rights VALUES('Showip',4,0,0);
-INSERT INTO %prefix%rights VALUES('Showip',5,0,0);
-INSERT INTO %prefix%rights VALUES('Messenger',1,1,1);
-INSERT INTO %prefix%rights VALUES('Messenger',2,1,1);
-INSERT INTO %prefix%rights VALUES('Messenger',4,1,1);
-INSERT INTO %prefix%rights VALUES('Messenger',5,0,0);
-INSERT INTO %prefix%rights VALUES('Postinghelp',1,1,1);
-INSERT INTO %prefix%rights VALUES('Postinghelp',2,1,1);
-INSERT INTO %prefix%rights VALUES('Postinghelp',4,1,1);
-INSERT INTO %prefix%rights VALUES('Postinghelp',5,1,1);
-INSERT INTO %prefix%rights VALUES('Preview',1,1,1);
-INSERT INTO %prefix%rights VALUES('Preview',2,1,1);
-INSERT INTO %prefix%rights VALUES('Preview',4,1,1);
-INSERT INTO %prefix%rights VALUES('Preview',5,1,1);
-INSERT INTO %prefix%rights VALUES('Edit_Title',1,1,1);
-INSERT INTO %prefix%rights VALUES('Edit_Title',2,1,1);
-INSERT INTO %prefix%rights VALUES('Edit_Title',4,0,0);
-INSERT INTO %prefix%rights VALUES('Edit_Title',5,0,0);
-INSERT INTO %prefix%rights VALUES('Lock',1,1,1);
-INSERT INTO %prefix%rights VALUES('Lock',2,1,1);
-INSERT INTO %prefix%rights VALUES('Lock',4,0,0);
-INSERT INTO %prefix%rights VALUES('Lock',5,0,0);
-INSERT INTO %prefix%rights VALUES('Unlock',1,1,1);
-INSERT INTO %prefix%rights VALUES('Unlock',2,1,1);
-INSERT INTO %prefix%rights VALUES('Unlock',4,0,0);
-INSERT INTO %prefix%rights VALUES('Unlock',5,0,0);
-INSERT INTO %prefix%rights VALUES('Delete_Topic',1,1,1);
-INSERT INTO %prefix%rights VALUES('Delete_Topic',2,1,1);
-INSERT INTO %prefix%rights VALUES('Delete_Topic',4,0,0);
-INSERT INTO %prefix%rights VALUES('Delete_Topic',5,0,0);
-INSERT INTO %prefix%rights VALUES('Pin',1,1,1);
-INSERT INTO %prefix%rights VALUES('Pin',2,1,1);
-INSERT INTO %prefix%rights VALUES('Pin',4,0,0);
-INSERT INTO %prefix%rights VALUES('Pin',5,0,0);
-INSERT INTO %prefix%rights VALUES('Unpin',1,1,1);
-INSERT INTO %prefix%rights VALUES('Unpin',2,1,1);
-INSERT INTO %prefix%rights VALUES('Unpin',4,0,0);
-INSERT INTO %prefix%rights VALUES('Unpin',5,0,0);
-INSERT INTO %prefix%rights VALUES('Move',1,1,1);
-INSERT INTO %prefix%rights VALUES('Move',2,1,1);
-INSERT INTO %prefix%rights VALUES('Move',4,0,0);
-INSERT INTO %prefix%rights VALUES('Move',5,0,0);
-INSERT INTO %prefix%rights VALUES('Merge',1,1,1);
-INSERT INTO %prefix%rights VALUES('Merge',2,1,1);
-INSERT INTO %prefix%rights VALUES('Merge',4,0,0);
-INSERT INTO %prefix%rights VALUES('Merge',5,0,0);
-INSERT INTO %prefix%rights VALUES('Split',5,0,0);
-INSERT INTO %prefix%rights VALUES('Split',4,0,0);
-INSERT INTO %prefix%rights VALUES('Split',2,1,1);
-INSERT INTO %prefix%rights VALUES('Split',1,1,1);
-INSERT INTO %prefix%rights VALUES('Delete',1,1,1);
-INSERT INTO %prefix%rights VALUES('Delete',2,1,1);
-INSERT INTO %prefix%rights VALUES('Delete',4,0,0);
-INSERT INTO %prefix%rights VALUES('Delete',5,0,0);
-INSERT INTO %prefix%rights VALUES('Edit',1,1,1);
-INSERT INTO %prefix%rights VALUES('Edit',2,1,1);
-INSERT INTO %prefix%rights VALUES('Edit',4,0,0);
-INSERT INTO %prefix%rights VALUES('Edit',5,0,0);
-INSERT INTO %prefix%rights VALUES('Profile',3,1,0);
-INSERT INTO %prefix%rights VALUES('Lostpassword',3,1,1);
-INSERT INTO %prefix%rights VALUES('Login',3,1,1);
-INSERT INTO %prefix%rights VALUES('Calendar',3,1,1);
-INSERT INTO %prefix%rights VALUES('Register',3,1,1);
-INSERT INTO %prefix%rights VALUES('Members',3,1,0);
-INSERT INTO %prefix%rights VALUES('Search',3,1,1);
-INSERT INTO %prefix%rights VALUES('Mail',3,1,1);
-INSERT INTO %prefix%rights VALUES('Attachments',3,1,1);
-INSERT INTO %prefix%rights VALUES('Markasread',3,1,1);
-INSERT INTO %prefix%rights VALUES('Rules',3,1,1);
-INSERT INTO %prefix%rights VALUES('Help',3,1,1);
-INSERT INTO %prefix%rights VALUES('Pollvote',3,1,1);
-INSERT INTO %prefix%rights VALUES('Showip',3,0,0);
-INSERT INTO %prefix%rights VALUES('Messenger',3,1,1);
-INSERT INTO %prefix%rights VALUES('Postinghelp',3,1,1);
-INSERT INTO %prefix%rights VALUES('Preview',3,1,1);
-INSERT INTO %prefix%rights VALUES('Edit_Title',3,0,0);
-INSERT INTO %prefix%rights VALUES('Lock',3,0,0);
-INSERT INTO %prefix%rights VALUES('Unlock',3,0,0);
-INSERT INTO %prefix%rights VALUES('Delete_Topic',3,0,0);
-INSERT INTO %prefix%rights VALUES('Pin',3,0,0);
-INSERT INTO %prefix%rights VALUES('Unpin',3,0,0);
-INSERT INTO %prefix%rights VALUES('Move',3,0,0);
-INSERT INTO %prefix%rights VALUES('Merge',3,0,0);
-INSERT INTO %prefix%rights VALUES('Split',3,0,0);
-INSERT INTO %prefix%rights VALUES('Delete',3,0,0);
-INSERT INTO %prefix%rights VALUES('Edit',3,0,0);
-INSERT INTO %prefix%rights VALUES('Uploadavatar',1,1,1);
-INSERT INTO %prefix%rights VALUES('Uploadavatar',2,1,1);
-INSERT INTO %prefix%rights VALUES('Uploadavatar',3,1,1);
-INSERT INTO %prefix%rights VALUES('Uploadavatar',4,1,1);
-INSERT INTO %prefix%rights VALUES('Uploadavatar',5,0,0);
-INSERT INTO %prefix%rights VALUES('Userpanel',1,1,1);
-INSERT INTO %prefix%rights VALUES('Userpanel',2,1,1);
-INSERT INTO %prefix%rights VALUES('Userpanel',3,1,1);
-INSERT INTO %prefix%rights VALUES('Userpanel',4,1,1);
-INSERT INTO %prefix%rights VALUES('Userpanel',5,0,0);
-
-CREATE TABLE %prefix%rights_default (
-    page VARCHAR(255),
-    usergroup INTEGER,
-    read INTEGER,
-    write INTEGER,
-    PRIMARY KEY (page,usergroup)
-);
-INSERT INTO %prefix%rights_default VALUES('Profile',1,1,0);
-INSERT INTO %prefix%rights_default VALUES('Profile',2,1,0);
-INSERT INTO %prefix%rights_default VALUES('Profile',4,1,0);
-INSERT INTO %prefix%rights_default VALUES('Profile',5,0,0);
-INSERT INTO %prefix%rights_default VALUES('admin/',1,1,1);
-INSERT INTO %prefix%rights_default VALUES('Lostpassword',1,1,1);
-INSERT INTO %prefix%rights_default VALUES('Lostpassword',2,1,1);
-INSERT INTO %prefix%rights_default VALUES('Lostpassword',4,1,1);
-INSERT INTO %prefix%rights_default VALUES('Lostpassword',5,1,1);
-INSERT INTO %prefix%rights_default VALUES('Login',1,1,1);
-INSERT INTO %prefix%rights_default VALUES('Login',2,1,1);
-INSERT INTO %prefix%rights_default VALUES('Login',4,1,1);
-INSERT INTO %prefix%rights_default VALUES('Login',5,1,1);
-INSERT INTO %prefix%rights_default VALUES('Calendar',1,1,1);
-INSERT INTO %prefix%rights_default VALUES('Calendar',2,1,1);
-INSERT INTO %prefix%rights_default VALUES('Calendar',4,1,1);
-INSERT INTO %prefix%rights_default VALUES('Calendar',5,1,1);
-INSERT INTO %prefix%rights_default VALUES('Register',1,1,1);
-INSERT INTO %prefix%rights_default VALUES('Register',2,1,1);
-INSERT INTO %prefix%rights_default VALUES('Register',4,1,1);
-INSERT INTO %prefix%rights_default VALUES('Register',5,1,1);
-INSERT INTO %prefix%rights_default VALUES('Members',1,1,0);
-INSERT INTO %prefix%rights_default VALUES('Members',2,1,0);
-INSERT INTO %prefix%rights_default VALUES('Members',4,1,0);
-INSERT INTO %prefix%rights_default VALUES('Members',5,1,0);
-INSERT INTO %prefix%rights_default VALUES('Search',1,1,1);
-INSERT INTO %prefix%rights_default VALUES('Search',2,1,1);
-INSERT INTO %prefix%rights_default VALUES('Search',4,1,1);
-INSERT INTO %prefix%rights_default VALUES('Search',5,1,1);
-INSERT INTO %prefix%rights_default VALUES('Mail',1,1,1);
-INSERT INTO %prefix%rights_default VALUES('Mail',2,1,1);
-INSERT INTO %prefix%rights_default VALUES('Mail',4,1,1);
-INSERT INTO %prefix%rights_default VALUES('Mail',5,0,0);
-INSERT INTO %prefix%rights_default VALUES('Attachments',1,1,1);
-INSERT INTO %prefix%rights_default VALUES('Attachments',2,1,1);
-INSERT INTO %prefix%rights_default VALUES('Attachments',4,1,1);
-INSERT INTO %prefix%rights_default VALUES('Attachments',5,0,0);
-INSERT INTO %prefix%rights_default VALUES('Markasread',1,1,1);
-INSERT INTO %prefix%rights_default VALUES('Markasread',2,1,1);
-INSERT INTO %prefix%rights_default VALUES('Markasread',4,1,1);
-INSERT INTO %prefix%rights_default VALUES('Markasread',5,1,1);
-INSERT INTO %prefix%rights_default VALUES('Rules',1,1,1);
-INSERT INTO %prefix%rights_default VALUES('Rules',2,1,1);
-INSERT INTO %prefix%rights_default VALUES('Rules',4,1,1);
-INSERT INTO %prefix%rights_default VALUES('Rules',5,1,1);
-INSERT INTO %prefix%rights_default VALUES('Help',1,1,1);
-INSERT INTO %prefix%rights_default VALUES('Help',2,1,1);
-INSERT INTO %prefix%rights_default VALUES('Help',4,1,1);
-INSERT INTO %prefix%rights_default VALUES('Help',5,1,1);
-INSERT INTO %prefix%rights_default VALUES('Pollvote',1,1,1);
-INSERT INTO %prefix%rights_default VALUES('Pollvote',2,1,1);
-INSERT INTO %prefix%rights_default VALUES('Pollvote',4,1,1);
-INSERT INTO %prefix%rights_default VALUES('Pollvote',5,1,0);
-INSERT INTO %prefix%rights_default VALUES('Showip',1,1,1);
-INSERT INTO %prefix%rights_default VALUES('Showip',2,1,1);
-INSERT INTO %prefix%rights_default VALUES('Showip',4,0,0);
-INSERT INTO %prefix%rights_default VALUES('Showip',5,0,0);
-INSERT INTO %prefix%rights_default VALUES('Messenger',1,1,1);
-INSERT INTO %prefix%rights_default VALUES('Messenger',2,1,1);
-INSERT INTO %prefix%rights_default VALUES('Messenger',4,1,1);
-INSERT INTO %prefix%rights_default VALUES('Messenger',5,0,0);
-INSERT INTO %prefix%rights_default VALUES('Postinghelp',1,1,1);
-INSERT INTO %prefix%rights_default VALUES('Postinghelp',2,1,1);
-INSERT INTO %prefix%rights_default VALUES('Postinghelp',4,1,1);
-INSERT INTO %prefix%rights_default VALUES('Postinghelp',5,1,1);
-INSERT INTO %prefix%rights_default VALUES('Preview',1,1,1);
-INSERT INTO %prefix%rights_default VALUES('Preview',2,1,1);
-INSERT INTO %prefix%rights_default VALUES('Preview',4,1,1);
-INSERT INTO %prefix%rights_default VALUES('Preview',5,1,1);
-INSERT INTO %prefix%rights_default VALUES('Edit_Title',1,1,1);
-INSERT INTO %prefix%rights_default VALUES('Edit_Title',2,1,1);
-INSERT INTO %prefix%rights_default VALUES('Edit_Title',4,0,0);
-INSERT INTO %prefix%rights_default VALUES('Edit_Title',5,0,0);
-INSERT INTO %prefix%rights_default VALUES('Lock',1,1,1);
-INSERT INTO %prefix%rights_default VALUES('Lock',2,1,1);
-INSERT INTO %prefix%rights_default VALUES('Lock',4,0,0);
-INSERT INTO %prefix%rights_default VALUES('Lock',5,0,0);
-INSERT INTO %prefix%rights_default VALUES('Unlock',1,1,1);
-INSERT INTO %prefix%rights_default VALUES('Unlock',2,1,1);
-INSERT INTO %prefix%rights_default VALUES('Unlock',4,0,0);
-INSERT INTO %prefix%rights_default VALUES('Unlock',5,0,0);
-INSERT INTO %prefix%rights_default VALUES('Delete_Topic',1,1,1);
-INSERT INTO %prefix%rights_default VALUES('Delete_Topic',2,1,1);
-INSERT INTO %prefix%rights_default VALUES('Delete_Topic',4,0,0);
-INSERT INTO %prefix%rights_default VALUES('Delete_Topic',5,0,0);
-INSERT INTO %prefix%rights_default VALUES('Pin',1,1,1);
-INSERT INTO %prefix%rights_default VALUES('Pin',2,1,1);
-INSERT INTO %prefix%rights_default VALUES('Pin',4,0,0);
-INSERT INTO %prefix%rights_default VALUES('Pin',5,0,0);
-INSERT INTO %prefix%rights_default VALUES('Unpin',1,1,1);
-INSERT INTO %prefix%rights_default VALUES('Unpin',2,1,1);
-INSERT INTO %prefix%rights_default VALUES('Unpin',4,0,0);
-INSERT INTO %prefix%rights_default VALUES('Unpin',5,0,0);
-INSERT INTO %prefix%rights_default VALUES('Move',1,1,1);
-INSERT INTO %prefix%rights_default VALUES('Move',2,1,1);
-INSERT INTO %prefix%rights_default VALUES('Move',4,0,0);
-INSERT INTO %prefix%rights_default VALUES('Move',5,0,0);
-INSERT INTO %prefix%rights_default VALUES('Merge',1,1,1);
-INSERT INTO %prefix%rights_default VALUES('Merge',2,1,1);
-INSERT INTO %prefix%rights_default VALUES('Merge',4,0,0);
-INSERT INTO %prefix%rights_default VALUES('Merge',5,0,0);
-INSERT INTO %prefix%rights_default VALUES('Split',5,0,0);
-INSERT INTO %prefix%rights_default VALUES('Split',4,0,0);
-INSERT INTO %prefix%rights_default VALUES('Split',2,1,1);
-INSERT INTO %prefix%rights_default VALUES('Split',1,1,1);
-INSERT INTO %prefix%rights_default VALUES('Delete',1,1,1);
-INSERT INTO %prefix%rights_default VALUES('Delete',2,1,1);
-INSERT INTO %prefix%rights_default VALUES('Delete',4,0,0);
-INSERT INTO %prefix%rights_default VALUES('Delete',5,0,0);
-INSERT INTO %prefix%rights_default VALUES('Edit',1,1,1);
-INSERT INTO %prefix%rights_default VALUES('Edit',2,1,1);
-INSERT INTO %prefix%rights_default VALUES('Edit',4,0,0);
-INSERT INTO %prefix%rights_default VALUES('Edit',5,0,0);
-INSERT INTO %prefix%rights_default VALUES('Profile',3,1,0);
-INSERT INTO %prefix%rights_default VALUES('Lostpassword',3,1,1);
-INSERT INTO %prefix%rights_default VALUES('Login',3,1,1);
-INSERT INTO %prefix%rights_default VALUES('Calendar',3,1,1);
-INSERT INTO %prefix%rights_default VALUES('Register',3,1,1);
-INSERT INTO %prefix%rights_default VALUES('Members',3,1,0);
-INSERT INTO %prefix%rights_default VALUES('Search',3,1,1);
-INSERT INTO %prefix%rights_default VALUES('Mail',3,1,1);
-INSERT INTO %prefix%rights_default VALUES('Attachments',3,1,1);
-INSERT INTO %prefix%rights_default VALUES('Markasread',3,1,1);
-INSERT INTO %prefix%rights_default VALUES('Rules',3,1,1);
-INSERT INTO %prefix%rights_default VALUES('Help',3,1,1);
-INSERT INTO %prefix%rights_default VALUES('Pollvote',3,1,1);
-INSERT INTO %prefix%rights_default VALUES('Showip',3,0,0);
-INSERT INTO %prefix%rights_default VALUES('Messenger',3,1,1);
-INSERT INTO %prefix%rights_default VALUES('Postinghelp',3,1,1);
-INSERT INTO %prefix%rights_default VALUES('Preview',3,1,1);
-INSERT INTO %prefix%rights_default VALUES('Edit_Title',3,0,0);
-INSERT INTO %prefix%rights_default VALUES('Lock',3,0,0);
-INSERT INTO %prefix%rights_default VALUES('Unlock',3,0,0);
-INSERT INTO %prefix%rights_default VALUES('Delete_Topic',3,0,0);
-INSERT INTO %prefix%rights_default VALUES('Pin',3,0,0);
-INSERT INTO %prefix%rights_default VALUES('Unpin',3,0,0);
-INSERT INTO %prefix%rights_default VALUES('Move',3,0,0);
-INSERT INTO %prefix%rights_default VALUES('Merge',3,0,0);
-INSERT INTO %prefix%rights_default VALUES('Split',3,0,0);
-INSERT INTO %prefix%rights_default VALUES('Delete',3,0,0);
-INSERT INTO %prefix%rights_default VALUES('Edit',3,0,0);
-INSERT INTO %prefix%rights_default VALUES('Uploadavatar',1,1,1);
-INSERT INTO %prefix%rights_default VALUES('Uploadavatar',2,1,1);
-INSERT INTO %prefix%rights_default VALUES('Uploadavatar',3,1,1);
-INSERT INTO %prefix%rights_default VALUES('Uploadavatar',4,1,1);
-INSERT INTO %prefix%rights_default VALUES('Uploadavatar',5,0,0);
-INSERT INTO %prefix%rights_default VALUES('Userpanel',1,1,1);
-INSERT INTO %prefix%rights_default VALUES('Userpanel',2,1,1);
-INSERT INTO %prefix%rights_default VALUES('Userpanel',3,1,1);
-INSERT INTO %prefix%rights_default VALUES('Userpanel',4,1,1);
-INSERT INTO %prefix%rights_default VALUES('Userpanel',5,0,0);
-
-CREATE TABLE %prefix%usergroups (
-  id INTEGER,
@@ -398 +80 @@
-  PRIMARY KEY (id)
-);
-
-INSERT INTO %prefix%usergroups VALUES(1,'Admin',0);
-INSERT INTO %prefix%usergroups VALUES(2,'Global Moderator',0);
-INSERT INTO %prefix%usergroups VALUES(3,'Moderator',0);
-INSERT INTO %prefix%usergroups VALUES(4,'Member',0);
-INSERT INTO %prefix%usergroups VALUES(5,'Guest',0);
-
-CREATE TABLE %prefix%members (
@@ -450 +126 @@
-    member INTEGER NOT NULL
-);
+
+CREATE TABLE %prefix%rights (
+    page VARCHAR(255),
+    usergroup INTEGER,
+    r INTEGER,
+    w INTEGER,
+    PRIMARY KEY (page,usergroup)
+);
+
+CREATE TABLE %prefix%rights_default (
+    page VARCHAR(255),
+    usergroup INTEGER,
+    r INTEGER,
+    w INTEGER,
+    PRIMARY KEY (page,usergroup)
+);

trunk/includes/login.php

@@ -68 +68 @@
-// set special admin flag if necessary
-if ($admin) {
-ead
+
-        // everything alright
-        $_SESSION['auth_admin'] = 'yes';

trunk/install.php

@@ -220 +220 @@
-                    // open SQL connection
-                    if ($C = new Connection()) {
- and default groups / rights
+
-                        if ($db = @file_get_contents('db/spamboard.sql')) {
-                            // one SQL query at a time
@@ -227 +227 @@
-                                $C->query(str_replace('%prefix%', $SETTINGS['dbtableprefix'], $query));
-                            }
-MySQL specialities
-$SETTINGS['sqltype'] == 'mysql'
-mysql
+specialities dependent on database type
+is_file('db/' . $SETTINGS['sqltype'] . '.sql')
+' . $SETTINGS['sqltype'] . '
-                                    // one SQL query at a time
-                                    $db = explode(';', $db);
@@ -236 +236 @@
-                                    }
-                                } else { $ok = 0; }
+                            }
+                            // finally, fill in default data
+                            if ($db = @file_get_contents('db/data.sql')) {
+                                // one SQL query at a time
+                                $db = explode(';', $db);
+                                foreach ($db as $query) {
+                                    $C->query(str_replace('%prefix%', $SETTINGS['dbtableprefix'], $query));
+                                }
-                            }
-                            // write the admin account

trunk/redirectors/forumjump.php

@@ -51 +51 @@
-
-// check if user has permission; required: read; dependent on id
-ead
+
-    // permission granted
-    // close database connection

trunk/redirectors/login.php

@@ -52 +52 @@
-
-// check if user has permission; required: write; independent from id
-rite
+
-    // permission granted
-    // try authenticating member

trunk/redirectors/logout.php

@@ -48 +48 @@
-
-// check if user has permission; required: write; independent from id
-rite
+
-    // permission granted
-    // update session

trunk/redirectors/markasread.php

@@ -48 +48 @@
-
-// check if user has permission; required: write; independent from id
-rite
+
-    // permission granted
-    // close databast connection

trunk/redirectors/pollvote.php

@@ -56 +56 @@
-    case 'yes':
-        // check if user has permission; required: read; independent from id
-ead
+
-            // permission granted
-            // get poll info
@@ -118 +118 @@
-    default:
-        // check if user has permission; required: write; independent from id
-rite
+
-            // permission granted
-            $q = $C->prepare('SELECT * FROM ' . $SETTINGS['dbtableprefix'] . 'polls WHERE pollid=:id');

trunk/redirectors/postinghelp.php

@@ -53 +53 @@
-
-// check if user has permission; required: read; independent from id
-ead
+
-    // permission granted
-    // output

trunk/redirectors/preview.php

@@ -53 +53 @@
-
-// check if user has permission; required: read; independent from id
-ead
+
-    // permission granted
-    // header

trunk/redirectors/showip.php

@@ -53 +53 @@
-
-// check if user has permission; required: read; dependent on id
-ead
+
-    // permission granted
-    // get IP form database

trunk/redirectors/uploadavatar.php

@@ -55 +55 @@
-    // post-commit
-    // check if user has permission; required: write; independent from id
-rite
+
-        // permission granted
-        if (is_array($_FILES['avatarfile']) && is_uploaded_file($_FILES['avatarfile']['tmp_name'])) {
@@ -125 +125 @@
-    // pre-commit
-    // check if user has permission; required: read; independent from id
-ead
+
-        // permission granted
-        $html->body->addElement(new XMLElement($LANG['upload_avatar_hints']));