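/**
* Build the permissions sql
*
* Call this function to have it automatically build the user permissions check part of the SQL query.
* The fragment limits the rows of a query to blogs the given user is allowed to see, based on the
* perm_guest, perm_registered, perm_friend and perm_foe columns.
*
* The fragment is built once per user id and reused for the rest of the request. It is cached per
* user id so that a call for a different user never receives a filter that was built for someone else.
*
* @param int $user_id The user id of the user we will build the permissions sql query for
* @param bool $add_where Puts a WHERE at the beginning instead of AND
* @param string $prefix is to add a prefix to the column (for example, when used in a join and you need b.user_id).
*	NOTE(review): the prefix is placed into the SQL verbatim (no escaping), so it must be a hard-coded
*	table alias chosen by the calling code, never a value taken from the request.
* @return string The SQL fragment, or an empty string when no permission check applies
*/
function build_permission_sql($user_id, $add_where = false, $prefix = '')
{
	global $auth, $config, $db;

	// If user permissions are not allowed or the viewing user has moderator or administrator permissions, nothing will be checked.
	if (!$config['user_blog_user_permissions'] || $auth->acl_gets('a_', 'm_'))
	{
		return '';
	}

	// Fragments are stored without a prefix; the prefix is applied on the way out so the cache works for every caller.
	static $cache = array();

	// Cast first: the id is both the cache key and a value written straight into the SQL text.
	$user_id = (int) $user_id;

	if (empty($cache[$user_id]))
	{
		if ($user_id == ANONYMOUS)
		{
			// Guests only ever see blogs that are open to guests.
			$sql = ' AND perm_guest > 0';
		}
		else
		{
			// A user can always see their own blogs.
			$sql = " AND (user_id = {$user_id}";

			// Here is where things get complicated with friend/foe permissions.
			$zebra_list = array();
			if ($config['user_blog_enable_zebra'])
			{
				global $reverse_zebra_list;

				// Presumably fills $reverse_zebra_list for this user; the helper is defined elsewhere.
				get_zebra_info($user_id, true);

				// Foes are handled before friends, as in the original ordering of the conditions.
				foreach (array('foe' => 'perm_foe', 'friend' => 'perm_friend') as $relation => $column)
				{
					if (!isset($reverse_zebra_list[$user_id][$relation]) || !sizeof($reverse_zebra_list[$user_id][$relation]))
					{
						continue;
					}

					foreach ($reverse_zebra_list[$user_id][$relation] as $zid)
					{
						// Interpolated into the query below, so force an integer regardless of where the list came from.
						$zid = (int) $zid;

						$sql .= " OR (user_id = {$zid} AND {$column} > 0)";
						$zebra_list[] = $zid;
					}
				}
			}

			if (sizeof($zebra_list))
			{
				// Inverted sql_in_set. For any user NOT in the zebra list.
				$sql .= ' OR (' . $db->sql_in_set('user_id', $zebra_list, true) . " AND perm_registered > 0)";
			}
			else
			{
				$sql .= " OR (perm_registered > 0)";
			}

			$sql .= ')';

			// Plugins receive the fragment by reference and may change it before it is cached.
			blog_plugins::plugin_do_ref('function_build_permission_sql', $sql);
		}

		$cache[$user_id] = $sql;
	}

	$sql = $cache[$user_id];
	if ($add_where)
	{
		$sql = fix_where_sql($sql);
	}

	// Matches and replacements. Make sure to add any field used above here, otherwise it will not get the prefix.
	$matches = array('user_id', 'perm_guest', 'perm_registered', 'perm_friend', 'perm_foe');
	$replacements = array();
	foreach ($matches as $column)
	{
		$replacements[] = $prefix . $column;
	}

	return str_replace($matches, $replacements, $sql);
}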
if ($blog_data->get_blog_data('blog', $blog_id) === false) { trigger_error('BLOG_NOT_EXIST'); } $user_id = blog_data::$blog[$blog_id]['user_id']; } if ($user_id) { blog_data::$user_queue[] = (int) $user_id; $blog_data->get_user_data(false, true); // do it this way so we get user data on editors/deleters if (!array_key_exists($user_id, blog_data::$user)) { trigger_error('NO_USER'); } $username = blog_data::$user[$user_id]['username']; } get_user_settings(array($user_id, $user->data['user_id'])); get_zebra_info(array($user_id, $user->data['user_id'])); // Make sure the user can view this blog by checking the blog's individual permissions if ($blog_id && !handle_user_blog_permissions($blog_id)) { trigger_error('NO_PERMISSIONS_READ'); } // Put the template we want in $blog_template for easier access/use // style= to use a board style, blogstyle= to use a custom blog style, otherwise it is set to the user's style or blank if none set $blog_template = isset($_GET['style']) ? request_var('style', 0) : (isset($_GET['blogstyle']) ? request_var('blogstyle', '') : ($user_id && isset($user_settings[$user_id]) ? $user_settings[$user_id]['blog_style'] : '')); /** * Ok, now lets actually start setting up the page. */ /* * A slightly (weird) way it is that I have set this up. Only on the view blog/user page can the user set a custom style except if that custom style is also a board style. * If the style they selected is also a board style we will also show that style on the posting/etc pages. This is to keep it easier on the custom template developers. */ if ($user_style && $blog_template && !is_numeric($blog_template) && is_dir($phpbb_root_path . 'blog/styles/' . $blog_template)) {