1670 $db->free_result(); |
1670 $db->free_result(); |
1671 |
1671 |
1672 // regenerate page selection |
1672 // regenerate page selection |
1673 $parms['page_id'] = ( isset($parms['page_id']) ) ? $parms['page_id'] : false; |
1673 $parms['page_id'] = ( isset($parms['page_id']) ) ? $parms['page_id'] : false; |
1674 $parms['namespace'] = ( isset($parms['namespace']) ) ? $parms['namespace'] : false; |
1674 $parms['namespace'] = ( isset($parms['namespace']) ) ? $parms['namespace'] : false; |
|
1675 $parms['mode'] = 'seltarget_id'; |
1675 $page_id =& $parms['page_id']; |
1676 $page_id =& $parms['page_id']; |
1676 $namespace =& $parms['namespace']; |
1677 $namespace =& $parms['namespace']; |
1677 $page_where_clause = ( empty($page_id) || empty($namespace) ) ? 'AND a.page_id IS NULL AND a.namespace IS NULL' : 'AND a.page_id=\'' . $db->escape($page_id) . '\' AND a.namespace=\'' . $db->escape($namespace) . '\''; |
1678 $page_where_clause = ( empty($page_id) || empty($namespace) ) ? 'AND a.page_id IS NULL AND a.namespace IS NULL' : 'AND a.page_id=\'' . $db->escape($page_id) . '\' AND a.namespace=\'' . $db->escape($namespace) . '\''; |
1678 $page_where_clause_lite = ( empty($page_id) || empty($namespace) ) ? 'AND page_id IS NULL AND namespace IS NULL' : 'AND page_id=\'' . $db->escape($page_id) . '\' AND namespace=\'' . $db->escape($namespace) . '\''; |
1679 $page_where_clause_lite = ( empty($page_id) || empty($namespace) ) ? 'AND page_id IS NULL AND namespace IS NULL' : 'AND page_id=\'' . $db->escape($page_id) . '\' AND namespace=\'' . $db->escape($namespace) . '\''; |
|
1680 |
|
1681 $return['page_id'] = $parms['page_id']; |
|
1682 $return['namespace'] = $parms['namespace']; |
1679 |
1683 |
1680 // From here, let the seltarget handler take over |
1684 // From here, let the seltarget handler take over |
1681 case 'seltarget': |
1685 case 'seltarget': |
1682 $return['mode'] = 'seltarget'; |
1686 $return['mode'] = 'seltarget'; |
1683 $return['acl_types'] = $perms_obj->acl_types; |
1687 $return['acl_types'] = $perms_obj->acl_types; |
1686 $return['target_type'] = $parms['target_type']; |
1690 $return['target_type'] = $parms['target_type']; |
1687 $return['target_id'] = $parms['target_id']; |
1691 $return['target_id'] = $parms['target_id']; |
1688 switch($parms['target_type']) |
1692 switch($parms['target_type']) |
1689 { |
1693 { |
1690 case ACL_TYPE_USER: |
1694 case ACL_TYPE_USER: |
1691 $q = $db->sql_query('SELECT a.rules,u.user_id FROM ' . table_prefix.'users AS u |
1695 $user_col = ( $parms['mode'] == 'seltarget_id' ) ? 'user_id' : 'username'; |
|
1696 $q = $db->sql_query('SELECT a.rules,u.user_id,u.username FROM ' . table_prefix.'users AS u |
1692 LEFT JOIN ' . table_prefix.'acl AS a |
1697 LEFT JOIN ' . table_prefix.'acl AS a |
1693 ON a.target_id=u.user_id |
1698 ON a.target_id=u.user_id |
1694 WHERE a.target_type='.ACL_TYPE_USER.' |
1699 WHERE a.target_type='.ACL_TYPE_USER.' |
1695 AND u.username=\'' . $db->escape($parms['target_id']) . '\' |
1700 AND u.' . $user_col . ' = \'' . $db->escape($parms['target_id']) . '\' |
1696 ' . $page_where_clause . ';'); |
1701 ' . $page_where_clause . ';'); |
1697 if(!$q) |
1702 if(!$q) |
1698 return(Array('mode'=>'error','error'=>$db->get_error())); |
1703 return(Array('mode'=>'error','error'=>$db->get_error())); |
1699 if($db->numrows() < 1) |
1704 if($db->numrows() < 1) |
1700 { |
1705 { |
1701 $return['type'] = 'new'; |
1706 $return['type'] = 'new'; |
1702 $q = $db->sql_query('SELECT user_id FROM ' . table_prefix.'users WHERE username=\'' . $db->escape($parms['target_id']) . '\';'); |
1707 $q = $db->sql_query('SELECT user_id,username FROM ' . table_prefix.'users WHERE username=\'' . $db->escape($parms['target_id']) . '\';'); |
1703 if(!$q) |
1708 if(!$q) |
1704 return(Array('mode'=>'error','error'=>$db->get_error())); |
1709 return(Array('mode'=>'error','error'=>$db->get_error())); |
1705 if($db->numrows() < 1) |
1710 if($db->numrows() < 1) |
1706 return Array('mode'=>'error','error'=>$lang->get('acl_err_user_not_found')); |
1711 return Array('mode'=>'error','error'=>$lang->get('acl_err_user_not_found'),'debug' => $db->sql_backtrace()); |
1707 $row = $db->fetchrow(); |
1712 $row = $db->fetchrow(); |
1708 $return['target_name'] = $return['target_id']; |
1713 $return['target_name'] = $row['username']; |
1709 $return['target_id'] = intval($row['user_id']); |
1714 $return['target_id'] = intval($row['user_id']); |
1710 $return['current_perms'] = array(); |
1715 $return['current_perms'] = array(); |
1711 } |
1716 } |
1712 else |
1717 else |
1713 { |
1718 { |
1714 $return['type'] = 'edit'; |
1719 $return['type'] = 'edit'; |
1715 $row = $db->fetchrow(); |
1720 $row = $db->fetchrow(); |
1716 $return['target_name'] = $return['target_id']; |
1721 $return['target_name'] = $row['username']; |
1717 $return['target_id'] = intval($row['user_id']); |
1722 $return['target_id'] = intval($row['user_id']); |
1718 $return['current_perms'] = $session->string_to_perm($row['rules']); |
1723 $return['current_perms'] = $session->string_to_perm($row['rules']); |
1719 } |
1724 } |
1720 $db->free_result(); |
1725 $db->free_result(); |
1721 // Eliminate types that don't apply to this namespace |
1726 // Eliminate types that don't apply to this namespace |
1828 case 'delete': |
1833 case 'delete': |
1829 if ( defined('ENANO_DEMO_MODE') ) |
1834 if ( defined('ENANO_DEMO_MODE') ) |
1830 { |
1835 { |
1831 return Array('mode'=>'error','error'=>$lang->get('acl_err_demo')); |
1836 return Array('mode'=>'error','error'=>$lang->get('acl_err_demo')); |
1832 } |
1837 } |
1833 $q = $db->sql_query('DELETE FROM ' . table_prefix.'acl WHERE target_type='.intval($parms['target_type']).' AND target_id='.intval($parms['target_id']).' |
1838 $sql = 'DELETE FROM ' . table_prefix.'acl WHERE target_type='.intval($parms['target_type']).' AND target_id='.intval($parms['target_id']).' |
1834 ' . $page_where_clause_lite . ';'); |
1839 ' . $page_where_clause_lite . ';'; |
|
1840 $q = $db->sql_query($sql); |
1835 if(!$q) |
1841 if(!$q) |
1836 return Array('mode'=>'error','error'=>$db->get_error()); |
1842 return Array('mode'=>'error','error'=>$db->get_error()); |
1837 return Array( |
1843 return Array( |
1838 'mode' => 'delete', |
1844 'mode' => 'delete', |
1839 'target_type' => $parms['target_type'], |
1845 'target_type' => $parms['target_type'], |
1840 'target_id' => $parms['target_id'], |
1846 'target_id' => $parms['target_id'], |
1841 'target_name' => $parms['target_name'], |
1847 'target_name' => $parms['target_name'], |
1842 'page_id' => $page_id, |
1848 'page_id' => $page_id, |
1843 'namespace' => $namespace, |
1849 'namespace' => $namespace, |
1844 ); |
1850 ); |
|
1851 break; |
|
1852 case 'list_existing': |
|
1853 |
|
1854 $return = array( |
|
1855 'mode' => 'list_existing', |
|
1856 'key' => acl_list_draw_key(), |
|
1857 'rules' => array() |
|
1858 ); |
|
1859 |
|
1860 $q = $db->sql_query("SELECT a.rule_id, u.username, g.group_name, a.target_type, a.target_id, a.page_id, a.namespace, a.rules, p.pg_name\n" |
|
1861 . " FROM " . table_prefix . "acl AS a\n" |
|
1862 . " LEFT JOIN " . table_prefix . "users AS u\n" |
|
1863 . " ON ( (a.target_type = " . ACL_TYPE_USER . " AND a.target_id = u.user_id) OR (u.user_id IS NULL) )\n" |
|
1864 . " LEFT JOIN " . table_prefix . "groups AS g\n" |
|
1865 . " ON ( (a.target_type = " . ACL_TYPE_GROUP . " AND a.target_id = g.group_id) OR (g.group_id IS NULL) )\n" |
|
1866 . " LEFT JOIN " . table_prefix . "page_groups as p\n" |
|
1867 . " ON ( (a.namespace = '__PageGroup' AND a.page_id = p.pg_id) OR (p.pg_id IS NULL) )\n" |
|
1868 . " GROUP BY a.rule_id\n" |
|
1869 . " ORDER BY a.target_type ASC, a.rule_id ASC;" |
|
1870 ); |
|
1871 |
|
1872 if ( !$q ) |
|
1873 $db->_die(); |
|
1874 |
|
1875 while ( $row = $db->fetchrow($q) ) |
|
1876 { |
|
1877 if ( $row['target_type'] == ACL_TYPE_USER && empty($row['username']) ) |
|
1878 { |
|
1879 // This is only done if we have an ACL affecting a user that doesn't exist. |
|
1880 // Nice little bit of maintenance to have. |
|
1881 if ( !$db->sql_query("DELETE FROM " . table_prefix . "acl WHERE rule_id = {$row['rule_id']};") ) |
|
1882 $db->_die(); |
|
1883 continue; |
|
1884 } |
|
1885 $score = get_acl_rule_score($row['rules']); |
|
1886 $deep_limit = ACL_SCALE_MINIMAL_SHADE; |
|
1887 // Determine background color of cell by score |
|
1888 if ( $score > 5 ) |
|
1889 { |
|
1890 // high score, show in green |
|
1891 $color = 2.5 * $score; |
|
1892 if ( $color > 255 ) |
|
1893 $color = 255; |
|
1894 $color = round($color); |
|
1895 // blend with the colordepth limit |
|
1896 $color = $deep_limit + ( ( 0xFF - $deep_limit ) - ( ( $color / 0xFF ) * ( 0xFF - $deep_limit ) ) ); |
|
1897 $color = dechex($color); |
|
1898 $color = "{$color}ff{$color}"; |
|
1899 } |
|
1900 else if ( $score < -5 ) |
|
1901 { |
|
1902 // low score, show in red |
|
1903 $color = 0 - $score; |
|
1904 $color = 2.5 * $color; |
|
1905 if ( $color > 255 ) |
|
1906 $color = 255; |
|
1907 $color = round($color); |
|
1908 // blend with the colordepth limit |
|
1909 $color = $deep_limit + ( ( 0xFF - $deep_limit ) - ( ( $color / 0xFF ) * ( 0xFF - $deep_limit ) ) ); |
|
1910 $color = dechex($color); |
|
1911 $color = "ff{$color}{$color}"; |
|
1912 } |
|
1913 else |
|
1914 { |
|
1915 $color = 'efefef'; |
|
1916 } |
|
1917 |
|
1918 // Rate rule textually based on its score |
|
1919 if ( $score >= 70 ) |
|
1920 $desc = $lang->get('acl_msg_scale_allow'); |
|
1921 else if ( $score >= 50 ) |
|
1922 $desc = $lang->get('acl_msg_scale_mostly_allow'); |
|
1923 else if ( $score >= 25 ) |
|
1924 $desc = $lang->get('acl_msg_scale_some_allow'); |
|
1925 else if ( $score >= -25 ) |
|
1926 $desc = $lang->get('acl_msg_scale_mixed'); |
|
1927 else if ( $score <= -70 ) |
|
1928 $desc = $lang->get('acl_msg_scale_deny'); |
|
1929 else if ( $score <= -50 ) |
|
1930 $desc = $lang->get('acl_msg_scale_mostly_deny'); |
|
1931 else if ( $score <= -25 ) |
|
1932 $desc = $lang->get('acl_msg_scale_some_deny'); |
|
1933 |
|
1934 // group and user target info |
|
1935 $info = ''; |
|
1936 if ( $row['target_type'] == ACL_TYPE_USER ) |
|
1937 $info = $lang->get('acl_msg_list_user', array( 'username' => $row['username'] )); // "(User: {$row['username']})"; |
|
1938 else if ( $row['target_type'] == ACL_TYPE_GROUP ) |
|
1939 $info = $lang->get('acl_msg_list_group', array( 'group' => $row['group_name'] )); |
|
1940 |
|
1941 // affected pages info |
|
1942 if ( $row['page_id'] && $row['namespace'] && $row['namespace'] != '__PageGroup' ) |
|
1943 $info .= $lang->get('acl_msg_list_on_page', array( 'page_name' => "{$row['namespace']}:{$row['page_id']}" )); |
|
1944 else if ( $row['page_id'] && $row['namespace'] && $row['namespace'] == '__PageGroup' ) |
|
1945 $info .= $lang->get('acl_msg_list_on_page_group', array( 'page_group' => $row['pg_name'] )); |
|
1946 else |
|
1947 $info .= $lang->get('acl_msg_list_entire_site'); |
|
1948 |
|
1949 $score_string = $lang->get('acl_msg_list_score', array |
|
1950 ( |
|
1951 'score' => $score, |
|
1952 'desc' => $desc, |
|
1953 'info' => $info |
|
1954 )); |
|
1955 $return['rules'][] = array( |
|
1956 'score_string' => $score_string, |
|
1957 'rule_id' => $row['rule_id'], |
|
1958 'color' => $color |
|
1959 ); |
|
1960 } |
|
1961 |
1845 break; |
1962 break; |
1846 default: |
1963 default: |
1847 return Array('mode'=>'error','error'=>'Hacking attempt'); |
1964 return Array('mode'=>'error','error'=>'Hacking attempt'); |
1848 break; |
1965 break; |
1849 } |
1966 } |
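Review bot: The orphan-rule cleanup inside the new `list_existing` case (new 1881-1882) issues a DELETE without the `defined('ENANO_DEMO_MODE')` guard that the `delete` case immediately above applies (new 1834-1837), so a listing request, which reads as a read-only mode, can still modify the acl table in demo mode. It also interpolates `$row['rule_id']` straight into the statement; the value comes from the database rather than the request, but casting it keeps the query shape fixed and matches the `intval()` style used in the `delete` case. A minimal change is `if ( !defined('ENANO_DEMO_MODE') && !$db->sql_query("DELETE FROM " . table_prefix . "acl WHERE rule_id = " . intval($row['rule_id']) . ";") )` followed by the existing `$db->_die();`, keeping the `continue` so the orphan row is still hidden from the list either way. A short comment such as `// Maintenance side effect: skipped in demo mode, see the 'delete' case` would make the intent visible. The enclosing function and its `switch` start before this hunk.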
2123 return $response; |
2240 return $response; |
2124 } |
2241 } |
2125 |
2242 |
2126 } |
2243 } |
2127 |
2244 |
|
2245 /** |
|
2246 * Generates a graphical key showing how the ACL rule list works. |
|
2247 * @return string |
|
2248 */ |
|
2249 |
|
2250 function acl_list_draw_key() |
|
2251 { |
|
2252 $out = '<div style="width: 460px; margin: 0 auto; text-align: center; margin-bottom: 10px;">'; |
|
2253 $out .= '<div style="float: left;">← Deny</div>'; |
|
2254 $out .= '<div style="float: right;">Allow →</div>'; |
|
2255 $out .= 'Neutral'; |
|
2256 $out .= '<div style="clear: both;"></div>'; |
|
2257 // 11 boxes on each side of the center |
|
2258 $inc = ceil ( ( 0xFF - ACL_SCALE_MINIMAL_SHADE ) / 11 ); |
|
2259 for ( $i = ACL_SCALE_MINIMAL_SHADE; $i <= 0xFF; $i+= $inc ) |
|
2260 { |
|
2261 $octet = dechex($i); |
|
2262 $color = "ff$octet$octet"; |
|
2263 $out .= '<div style="background-color: #' . $color . '; float: left; width: 20px;"> </div>'; |
|
2264 } |
|
2265 $out .= '<div style="background-color: #efefef; float: left; width: 20px;"> </div>'; |
|
2266 for ( $i = 0xFF; $i >= ACL_SCALE_MINIMAL_SHADE; $i-= $inc ) |
|
2267 { |
|
2268 $octet = dechex($i); |
|
2269 $color = "{$octet}ff{$octet}"; |
|
2270 $out .= '<div style="background-color: #' . $color . '; float: left; width: 20px;"> </div>'; |
|
2271 } |
|
2272 $out .= '<div style="clear: both;"></div>'; |
|
2273 $out .= '<div style="float: left;">-100</div>'; |
|
2274 $out .= '<div style="float: right;">+100</div>'; |
|
2275 $out .= '0'; |
|
2276 $out .= '</div>'; |
|
2277 return $out; |
|
2278 } |
|
2279 |
|
2280 /** |
|
2281 * Gets the numerical score for the serialized form of an ACL rule |
|
2282 */ |
|
2283 |
|
2284 function get_acl_rule_score($perms) |
|
2285 { |
|
2286 global $db, $session, $paths, $template, $plugins; // Common objects |
|
2287 if ( is_string($perms) ) |
|
2288 $perms = $session->string_to_perm($perms); |
|
2289 else if ( !is_array($perms) ) |
|
2290 return false; |
|
2291 $score = 0; |
|
2292 foreach ( $perms as $item ) |
|
2293 { |
|
2294 switch ( $item ) |
|
2295 { |
|
2296 case AUTH_ALLOW : |
|
2297 $inc = 2; |
|
2298 break; |
|
2299 case AUTH_WIKIMODE: |
|
2300 $inc = 1; |
|
2301 break; |
|
2302 case AUTH_DISALLOW: |
|
2303 $inc = -1; |
|
2304 break; |
|
2305 case AUTH_DENY: |
|
2306 $inc = -2; |
|
2307 break; |
|
2308 default: |
|
2309 $inc = 0; |
|
2310 break; |
|
2311 } |
|
2312 $score += $inc; |
|
2313 } |
|
2314 // this is different from the beta; calculate highest score and |
|
2315 // get percentage to be fairer to smaller/less broad rules |
|
2316 $divisor = count($perms) * 2; |
|
2317 if ( $divisor == 0 ) |
|
2318 { |
|
2319 return 0; |
|
2320 } |
|
2321 $score = 100 * ( $score / $divisor ); |
|
2322 return round($score); |
|
2323 } |
|
2324 |
2128 ?> |
2325 ?> |