Changeset 2233

Show
Ignore:
Timestamp:
06/28/09 13:03:01 (9 months ago)
Author:
Rollsroyce
Message:

fixed users not being able to post due to incomplete rights check

Files:
1 modified

Legend:

Unmodified
Added
Removed

  • modules/common/mail2forum/php-files/modules/mail2forum/m2f_pop3.php

    r2043 r2233  
    448448 
    449449// returns true if this user is allowed to post in this forum 
    450 function can_post($usergroups, $forumgroup) { 
     450function can_post($usergroups, $forumgroup, $userlevel) { 
    451451    global $db_prefix, $groups; 
    452452     
    453     $groups = explode(".", substr($usergroups, 1)); 
    454     foreach ($groups as $group) { 
    455         // check if this groups has subgroups. If so, add them to the array 
    456         getsubgroups($group); 
    457     } 
    458     // create a new user_group field with all inherited groups, and 
    459     // get the inherited group rights and add them to the user own rights 
    460     // everyone is always member of group 0 (public) 
    461     $usergroups = ".0"; 
    462     foreach ($groups as $group) { 
    463         $usergroups .= ".".$group; 
    464         $result = dbarray(dbquery("SELECT group_groups FROM ".$db_prefix."user_groups WHERE group_id = '".$group."'")); 
    465         if (isset($result['group_groups']) && $result['group_groups'] != "") { 
    466             $usergroups .= ($usergroups==""?"":".").$result['group_groups']; 
    467         } 
    468     } 
    469  
    470     if (in_array($forumgroup, explode(".", substr($usergroups,1)))) { 
    471         return true; 
    472     } else { 
    473         return false; 
     453    // process according to the forumgroup 
     454    switch ($forumgroup) { 
     455        case 0: 
     456            // public access 
     457            return true; 
     458            break; 
     459        case 101: 
     460        case 102: 
     461        case 103: 
     462            // members, administrators and webmaster fixed groups 
     463            return ($userlevel >= $forumgroup); 
     464            break; 
     465        default: 
     466            // all other groups 
     467            $groups = explode(".", substr($usergroups, 1)); 
     468            foreach ($groups as $group) { 
     469                // check if this groups has subgroups. If so, add them to the array 
     470                getsubgroups($group); 
     471            } 
     472            // create a new user_group field with all inherited groups, and 
     473            // get the inherited group rights and add them to the user own rights 
     474            // everyone is always member of group 0 (public) 
     475            $usergroups = ".0"; 
     476            foreach ($groups as $group) { 
     477                $usergroups .= ".".$group; 
     478                $result = dbarray(dbquery("SELECT group_groups FROM ".$db_prefix."user_groups WHERE group_id = '".$group."'")); 
     479                if (isset($result['group_groups']) && $result['group_groups'] != "") { 
     480                    $usergroups .= ($usergroups==""?"":".").$result['group_groups']; 
     481                } 
     482            } 
     483            if (in_array($forumgroup, explode(".", substr($usergroups,1)))) { 
     484                return true; 
     485            } else { 
     486                return false; 
     487            } 
    474488    } 
    475489} 
     
    684698                            if ($settings['m2f_subscribe_required']) { 
    685699                                $send_allowed = dbrows(dbquery("SELECT m2f_subid FROM ".$db_prefix."M2F_subscriptions WHERE m2f_subscribed = '1' AND m2f_userid = '".$sender['user_id']."' AND m2f_forumid = '".$recipient['m2f_forumid']."'")); 
     700                                if ($settings['m2f_process_log']) logentry('DEBUG', "QUERY: SELECT m2f_subid FROM ".$db_prefix."M2F_subscriptions WHERE m2f_subscribed = '1' AND m2f_userid = '".$sender['user_id']."' AND m2f_forumid = '".$recipient['m2f_forumid']."', result = ".($send_allowed?"TRUE":"FALSE")); 
    686701                            } else { 
    687                                 $send_allowed = can_post($sender['user_groups'], $recipient['m2f_posting']); 
     702                                $send_allowed = can_post($sender['user_groups'], $recipient['m2f_posting'], $sender['user_level']); 
     703                                if ($settings['m2f_process_log']) logentry('DEBUG', "CAN_POST() CHECK: ".($send_allowed?"TRUE":"FALSE").", sender = ".$sender['user_groups'].", recipient = ".$recipient['m2f_posting']); 
    688704                            } 
    689705                        } 
     
    779795        } 
    780796        // finished processing POP3 messages. Close the connection 
    781         if ($pop3connect) $pop3->disconnect(); 
     797        if ($pop3connect) { 
     798            $pop3->disconnect(); 
     799        } 
    782800    } 
    783801