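/**
 * Build the permissions sql
 *
 * Call this function to have it automatically build the user permissions check part of the SQL query.
 * The fragment limits the rows a viewer may see, based on the perm_guest, perm_registered,
 * perm_friend and perm_foe columns.
 *
 * Security notes:
 * - An empty string is returned when user permissions are disabled in the config or the viewer holds
 *   administrator/moderator permissions, i.e. no row filter is applied in those cases.
 * - $prefix is concatenated into the column names without any escaping. Pass only hard-coded table
 *   aliases (for example 'b.'); never pass a value taken from the request.
 * - The built fragment is cached per user id, so a call made for a second user never receives the
 *   filter that was built for the first one.
 *
 * @param int $user_id The user id of the user we will build the permissions sql query for
 * @param bool $add_where Puts a WHERE at the beginning instead of AND (done by fix_where_sql())
 * @param string $prefix is to add a prefix to the column (for example, when used in a join and you need b.user_id)
 * @return string The SQL fragment, or '' when no permission check is needed
 */
function build_permission_sql($user_id, $add_where = false, $prefix = '')
{
    global $auth, $config, $db;

    // If user permissions are not allowed or the viewing user has moderator or administrator permissions, nothing will be checked.
    if (!$config['user_blog_user_permissions'] || $auth->acl_gets('a_', 'm_')) {
        return '';
    }

    // Matches and replacements.  Make sure to add any field used below here.
    // The cached fragment always holds the bare column names; the prefix is applied on the way out
    // so that one cached fragment can serve calls with different prefixes.
    $matches = array('user_id', 'perm_guest', 'perm_registered', 'perm_friend', 'perm_foe');
    $replacements = array();
    foreach ($matches as $column) {
        $replacements[] = $prefix . $column;
    }

    // The id is interpolated into the SQL below, so force it to an integer first.
    $user_id = (int) $user_id;

    // Build the fragment once per user id and request.  The previous single static string was shared
    // by every caller, so a second call with another user id got the first user's permission filter.
    static $cache = array();

    if (!isset($cache[$user_id])) {
        if ($user_id == ANONYMOUS) {
            $sql = ' AND perm_guest > 0';
        } else {
            $sql = " AND (user_id = {$user_id}";

            // Here is where things get complicated with friend/foe permissions.
            $zebra_list = array();
            if ($config['user_blog_enable_zebra']) {
                global $reverse_zebra_list;
                get_zebra_info($user_id, true);

                // Foes first, then friends (same order as before).
                foreach (array('foe' => 'perm_foe', 'friend' => 'perm_friend') as $relation => $column) {
                    if (empty($reverse_zebra_list[$user_id][$relation])) {
                        continue;
                    }

                    foreach ($reverse_zebra_list[$user_id][$relation] as $zid) {
                        // Defence in depth: these ids are not bound parameters, so cast them
                        // before they are written into the query text.
                        $zid = (int) $zid;
                        $sql .= " OR (user_id = {$zid} AND {$column} > 0)";
                        $zebra_list[] = $zid;
                    }
                }
            }

            if (sizeof($zebra_list)) {
                // Inverted sql_in_set.  For any user NOT in the zebra list.
                $sql .= ' OR (' . $db->sql_in_set('user_id', $zebra_list, true) . " AND perm_registered > 0)";
            } else {
                $sql .= " OR (perm_registered > 0)";
            }
            $sql .= ')';

            // NOTE(review): $sql is handed to the plugin hook, which presumably receives it by
            // reference and may rewrite it; whatever it leaves behind is what gets cached.
            blog_plugins::plugin_do_ref('function_build_permission_sql', $sql);
        }

        $cache[$user_id] = $sql;
    }

    $sql = $cache[$user_id];

    return str_replace($matches, $replacements, $add_where ? fix_where_sql($sql) : $sql);
}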
Beispiel #2
    if ($blog_data->get_blog_data('blog', $blog_id) === false) {
        trigger_error('BLOG_NOT_EXIST');
    }
    $user_id = blog_data::$blog[$blog_id]['user_id'];
}
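// Load the user row for the requested user id and stop with NO_USER when it does not exist.
if ($user_id) {
    blog_data::$user_queue[] = (int) $user_id;
    $blog_data->get_user_data(false, true);

    // do it this way so we get user data on editors/deleters
    if (!array_key_exists($user_id, blog_data::$user)) {
        trigger_error('NO_USER');
    }

    $username = blog_data::$user[$user_id]['username'];
}

// Settings and friend/foe data for both the requested user and the viewing user.
get_user_settings(array($user_id, $user->data['user_id']));
get_zebra_info(array($user_id, $user->data['user_id']));

// Make sure the user can view this blog by checking the blog's individual permissions
if ($blog_id && !handle_user_blog_permissions($blog_id)) {
    trigger_error('NO_PERMISSIONS_READ');
}

// Put the template we want in $blog_template for easier access/use
// style= to use a board style, blogstyle= to use a custom blog style, otherwise it is set to the user's style or blank if none set
if (isset($_GET['style'])) {
    $blog_template = request_var('style', 0);
} else if (isset($_GET['blogstyle'])) {
    $blog_template = request_var('blogstyle', '');
} else {
    $blog_template = ($user_id && isset($user_settings[$user_id])) ? $user_settings[$user_id]['blog_style'] : '';
}

// A non-numeric value is used further down as a directory name below blog/styles/.  It can come
// straight from the request (blogstyle=), so it must name exactly one directory level: drop it if
// it contains a path separator or a NUL byte, or if it is a relative directory component.
if (!is_numeric($blog_template)) {
    $style_name = (string) $blog_template;

    if ($style_name === '.' || $style_name === '..' || strpbrk($style_name, "/\\\0") !== false) {
        $blog_template = '';
    }
}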
/**
* Ok, now let's actually start setting up the page.
*/
/*
* The way this is set up is slightly odd: only on the view blog/user page can the user set a custom style, unless that custom style is also a board style.
* If the style they selected is also a board style we will also show that style on the posting/etc pages.  This is to keep it easier on the custom template developers.
*/
if ($user_style && $blog_template && !is_numeric($blog_template) && is_dir($phpbb_root_path . 'blog/styles/' . $blog_template)) {