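/**
 * Check blog permissions
 *
 * Works out whether the current user may perform the requested action. Unless
 * $return is true the function also enforces the result: guests get a login
 * box and registered users get the NO_AUTH_OPERATION (or MUST_BE_FOUNDER)
 * error message.
 *
 * Resolution order:
 *  1. the $page/$mode switch below computes $is_auth for a specific action;
 *     a page/mode combination that is not listed leaves $is_auth unset, which
 *     is treated as "just viewing" (u_blogview only), so callers must pass a
 *     known mode for every write action,
 *  2. the 'permissions_end' plugin hook may adjust the result,
 *  3. every page except 'install' additionally requires u_blogview.
 *
 * @param string $page The page requested - blog, reply, mcp, rate, install, upgrade, update, dev, resync
 * @param string $mode The mode requested - depends on the $page requested
 * @param bool $return If you would like this function to return true or false (if they have permission or not). If it is false we give them a login box if they are not logged in, or give them the NO_AUTH error message
 * @param int $blog_id The blog_id requested (needed for some things, like blog edit, delete, etc.)
 * @param int $reply_id The reply_id requested, used for the same reason as $blog_id
 *
 * @return bool|null When $return is true: true if the user is authorized to do the requested action, false if not.
 *                   When $return is false: null if authorized (nothing to report); when not authorized the
 *                   request is handed to login_box() or trigger_error() instead.
 */
function check_blog_permissions($page, $mode, $return = false, $blog_id = 0, $reply_id = 0)
{
	global $user, $config, $auth, $blog_plugins;

	blog_plugins::plugin_do('function_check_blog_permissions');

	// Set only by the founder-only pages; selects the MUST_BE_FOUNDER message below.
	$founder = false;

	switch ($page)
	{
		case 'blog':
			switch ($mode)
			{
				case 'add':
					$is_auth = (bool) $auth->acl_get('u_blogpost');
				break;

				case 'edit':
					// Own blog with u_blogedit, or any blog with m_blogedit; never for anonymous users.
					$is_auth = $user->data['user_id'] != ANONYMOUS && (($auth->acl_get('u_blogedit') && $user->data['user_id'] == blog_data::$blog[$blog_id]['user_id']) || $auth->acl_get('m_blogedit'));
				break;

				case 'delete':
					// blog_deleted is 0 while the blog is live; once it has been deleted only a_blogdelete may act on it again.
					if (blog_data::$blog[$blog_id]['blog_deleted'] == 0 || $auth->acl_get('a_blogdelete'))
					{
						$is_auth = $user->data['user_id'] != ANONYMOUS && (($auth->acl_get('u_blogdelete') && $user->data['user_id'] == blog_data::$blog[$blog_id]['user_id']) || $auth->acl_get('m_blogdelete') || $auth->acl_get('a_blogdelete'));
					}
					else
					{
						$is_auth = false;
					}
				break;

				case 'undelete':
					// Moderators/admins, or the user who deleted it (blog_deleted holds that user's id).
					$is_auth = $auth->acl_gets('m_blogdelete', 'a_blogdelete') || blog_data::$blog[$blog_id]['blog_deleted'] == $user->data['user_id'];
				break;

				case 'report':
					$is_auth = (bool) $auth->acl_get('u_blogreport');
				break;

				case 'approve':
					$is_auth = (bool) $auth->acl_get('m_blogapprove');
				break;

				case 'vote':
					// Global permission plus the blog's own per-user permissions.
					$is_auth = $auth->acl_get('u_blog_vote') && handle_user_blog_permissions($blog_id);
				break;

				// no default: an unknown mode leaves $is_auth unset and is handled as plain viewing below
			}
		break;

		case 'reply':
			switch ($mode)
			{
				case 'add':
				case 'quote':
					$is_auth = $auth->acl_get('u_blogreply') && handle_user_blog_permissions($blog_id, false, 'reply');
				break;

				case 'edit':
					// Own reply with u_blogreplyedit, a reply on the user's own blog with u_blogmoderate, or any reply with m_blogreplyedit.
					$is_auth = $user->data['user_id'] != ANONYMOUS && (($auth->acl_get('u_blogreplyedit') && $user->data['user_id'] == blog_data::$reply[$reply_id]['user_id']) || (isset(blog_data::$blog[$blog_id]['user_id']) && $auth->acl_get('u_blogmoderate') && $user->data['user_id'] == blog_data::$blog[$blog_id]['user_id']) || $auth->acl_get('m_blogreplyedit'));
				break;

				case 'delete':
					// reply_deleted is 0 while the reply is live; once deleted only a_blogreplydelete may act on it again.
					if (blog_data::$reply[$reply_id]['reply_deleted'] == 0 || $auth->acl_get('a_blogreplydelete'))
					{
						$is_auth = $user->data['user_id'] != ANONYMOUS && (($auth->acl_get('u_blogreplydelete') && $user->data['user_id'] == blog_data::$reply[$reply_id]['user_id']) || (isset(blog_data::$blog[$blog_id]['user_id']) && $auth->acl_get('u_blogmoderate') && $user->data['user_id'] == blog_data::$blog[$blog_id]['user_id']) || $auth->acl_gets('a_blogreplydelete', 'm_blogreplydelete'));
					}
					else
					{
						$is_auth = false;
					}
				break;

				case 'undelete':
					// Moderators/admins, or the user who deleted it (reply_deleted holds that user's id).
					$is_auth = $auth->acl_gets('m_blogreplydelete', 'a_blogreplydelete') || blog_data::$reply[$reply_id]['reply_deleted'] == $user->data['user_id'];
				break;

				case 'report':
					$is_auth = (bool) $auth->acl_get('u_blogreport');
				break;

				case 'approve':
					$is_auth = (bool) $auth->acl_get('m_blogreplyapprove');
				break;

				// no default: an unknown mode leaves $is_auth unset and is handled as plain viewing below
			}
		break;

		case 'mcp':
			// NOTE(review): every other option name in this function has no 'acl_' prefix;
			// confirm 'acl_m_blogreport' is the intended option name and not a typo for 'm_blogreport'.
			$is_auth = (bool) $auth->acl_gets('m_blogapprove', 'acl_m_blogreport');
		break;

		case 'rate':
			$is_auth = (bool) $user->data['is_registered'];
		break;

		case 'install':
		case 'update':
		case 'upgrade':
		case 'dev':
		case 'resync':
			$is_auth = $user->data['user_type'] == USER_FOUNDER;
			$founder = true;
		break;
	}

	// Give plugins a chance to adjust the outcome. Only the keys we handed over
	// are read back: extract()ing the whole array would let a plugin (or a bug
	// in one) overwrite $return, $founder, $user or $auth inside this
	// authorisation function.
	$hook_keys = array('is_auth', 'page', 'mode', 'blog_id', 'reply_id');
	$temp = compact('page', 'mode', 'blog_id', 'reply_id');
	if (isset($is_auth))
	{
		// added separately because compact() notices on an undefined $is_auth (plain viewing) on PHP 7.3+
		$temp['is_auth'] = $is_auth;
	}
	blog_plugins::plugin_do_ref('permissions_end', $temp);
	extract(array_intersect_key($temp, array_flip($hook_keys)));

	if (!isset($is_auth))
	{
		// No specific action matched: they are just viewing a blog/user/etc, which only needs u_blogview.
		$is_auth = (bool) $auth->acl_get('u_blogview');
	}
	else if (!$auth->acl_get('u_blogview') && $page != 'install')
	{
		// Every action also requires viewing permission, except on the install page:
		// the founder will not have viewing permissions yet, but already had to be a founder.
		$is_auth = false;
	}

	if ($return)
	{
		return $is_auth;
	}

	if (!$is_auth)
	{
		if (!$user->data['is_registered'])
		{
			global $template;

			$template->set_template(); // reset the template. Required because of user styles.
			login_box();
		}
		else
		{
			// NOTE(review): in phpBB trigger_error() is routed to the message handler, which ends the request here.
			trigger_error($founder ? 'MUST_BE_FOUNDER' : 'NO_AUTH_OPERATION');
		}
	}
}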
} $user_id = blog_data::$blog[$blog_id]['user_id']; } if ($user_id) { blog_data::$user_queue[] = (int) $user_id; $blog_data->get_user_data(false, true); // do it this way so we get user data on editors/deleters if (!array_key_exists($user_id, blog_data::$user)) { trigger_error('NO_USER'); } $username = blog_data::$user[$user_id]['username']; } get_user_settings(array($user_id, $user->data['user_id'])); get_zebra_info(array($user_id, $user->data['user_id'])); // Make sure the user can view this blog by checking the blog's individual permissions if ($blog_id && !handle_user_blog_permissions($blog_id)) { trigger_error('NO_PERMISSIONS_READ'); } // Put the template we want in $blog_template for easier access/use // style= to use a board style, blogstyle= to use a custom blog style, otherwise it is set to the user's style or blank if none set $blog_template = isset($_GET['style']) ? request_var('style', 0) : (isset($_GET['blogstyle']) ? request_var('blogstyle', '') : ($user_id && isset($user_settings[$user_id]) ? $user_settings[$user_id]['blog_style'] : '')); /** * Ok, now lets actually start setting up the page. */ /* * A slightly (weird) way it is that I have set this up. Only on the view blog/user page can the user set a custom style except if that custom style is also a board style. * If the style they selected is also a board style we will also show that style on the posting/etc pages. This is to keep it easier on the custom template developers. */ if ($user_style && $blog_template && !is_numeric($blog_template) && is_dir($phpbb_root_path . 'blog/styles/' . $blog_template)) { // Do note style developers that dots and slashes in your style names are not allowed. if (strpos($blog_template, '.') !== false || strpos($blog_template, '/') !== false) {