/** * Convert authentication * user, group and forum table has to be filled in order to work */ function phpbb_convert_authentication($mode) { global $db, $src_db, $same_db, $convert, $user, $config, $cache; if ($mode == 'start') { $db->sql_query($convert->truncate_statement . ACL_USERS_TABLE); $db->sql_query($convert->truncate_statement . ACL_GROUPS_TABLE); // What we will do is handling all 2.0.x admins as founder to replicate what is common in 2.0.x. // After conversion the main admin need to make sure he is removing permissions and the founder status if wanted. // Grab user ids of users with user_level of ADMIN $sql = "SELECT user_id FROM {$convert->src_table_prefix}users WHERE user_level = 1 ORDER BY user_regdate ASC"; $result = $src_db->sql_query($sql); while ($row = $src_db->sql_fetchrow($result)) { $user_id = (int) phpbb_user_id($row['user_id']); // Set founder admin... $sql = 'UPDATE ' . USERS_TABLE . ' SET user_type = ' . USER_FOUNDER . " WHERE user_id = $user_id"; $db->sql_query($sql); } $src_db->sql_freeresult($result); $sql = 'SELECT group_id FROM ' . GROUPS_TABLE . " WHERE group_name = '" . $db->sql_escape('BOTS') . "'"; $result = $db->sql_query($sql); $bot_group_id = (int) $db->sql_fetchfield('group_id'); $db->sql_freeresult($result); } // Grab forum auth information $sql = "SELECT * FROM {$convert->src_table_prefix}forums"; $result = $src_db->sql_query($sql); $forum_access = array(); while ($row = $src_db->sql_fetchrow($result)) { $forum_access[$row['forum_id']] = $row; } $src_db->sql_freeresult($result); if ($convert->mysql_convert && $same_db) { $src_db->sql_query("SET NAMES 'binary'"); } // Grab user auth information from 2.0.x board $sql = "SELECT ug.user_id, aa.* FROM {$convert->src_table_prefix}auth_access aa, {$convert->src_table_prefix}user_group ug, {$convert->src_table_prefix}groups g, {$convert->src_table_prefix}forums f WHERE g.group_id = aa.group_id AND g.group_single_user = 1 AND ug.group_id = g.group_id AND f.forum_id = aa.forum_id"; $result = $src_db->sql_query($sql); $user_access = array(); while ($row = $src_db->sql_fetchrow($result)) { $user_access[$row['forum_id']][] = $row; } $src_db->sql_freeresult($result); // Grab group auth information $sql = "SELECT g.group_id, aa.* FROM {$convert->src_table_prefix}auth_access aa, {$convert->src_table_prefix}groups g WHERE g.group_id = aa.group_id AND g.group_single_user <> 1"; $result = $src_db->sql_query($sql); $group_access = array(); while ($row = $src_db->sql_fetchrow($result)) { $group_access[$row['forum_id']][] = $row; } $src_db->sql_freeresult($result); if ($convert->mysql_convert && $same_db) { $src_db->sql_query("SET NAMES 'utf8'"); } // Add Forum Access List $auth_map = array( 'auth_view' => array('f_', 'f_list'), 'auth_read' => array('f_read', 'f_search'), 'auth_post' => array('f_post', 'f_bbcode', 'f_smilies', 'f_img', 'f_sigs', 'f_postcount', 'f_report', 'f_subscribe', 'f_print', 'f_email'), 'auth_reply' => 'f_reply', 'auth_edit' => 'f_edit', 'auth_delete' => 'f_delete', 'auth_pollcreate' => 'f_poll', 'auth_vote' => 'f_vote', 'auth_announce' => 'f_announce', 'auth_sticky' => 'f_sticky', 'auth_attachments' => array('f_attach', 'f_download'), 'auth_download' => 'f_download', ); // Define the ACL constants used in 2.0 to make the code slightly more readable define('AUTH_ALL', 0); define('AUTH_REG', 1); define('AUTH_ACL', 2); define('AUTH_MOD', 3); define('AUTH_ADMIN', 5); // A mapping of the simple permissions used by 2.0 $simple_auth_ary = array( 'public' => array( 'auth_view' => AUTH_ALL, 'auth_read' => AUTH_ALL, 'auth_post' => AUTH_ALL, 'auth_reply' => AUTH_ALL, 'auth_edit' => AUTH_REG, 'auth_delete' => AUTH_REG, 'auth_sticky' => AUTH_MOD, 'auth_announce' => AUTH_MOD, 'auth_vote' => AUTH_REG, 'auth_pollcreate' => AUTH_REG, ), 'registered' => array( 'auth_view' => AUTH_ALL, 'auth_read' => AUTH_ALL, 'auth_post' => AUTH_REG, 'auth_reply' => AUTH_REG, 'auth_edit' => AUTH_REG, 'auth_delete' => AUTH_REG, 'auth_sticky' => AUTH_MOD, 'auth_announce' => AUTH_MOD, 'auth_vote' => AUTH_REG, 'auth_pollcreate' => AUTH_REG, ), 'registered_hidden' => array( 'auth_view' => AUTH_REG, 'auth_read' => AUTH_REG, 'auth_post' => AUTH_REG, 'auth_reply' => AUTH_REG, 'auth_edit' => AUTH_REG, 'auth_delete' => AUTH_REG, 'auth_sticky' => AUTH_MOD, 'auth_announce' => AUTH_MOD, 'auth_vote' => AUTH_REG, 'auth_pollcreate' => AUTH_REG, ), 'private' => array( 'auth_view' => AUTH_ALL, 'auth_read' => AUTH_ACL, 'auth_post' => AUTH_ACL, 'auth_reply' => AUTH_ACL, 'auth_edit' => AUTH_ACL, 'auth_delete' => AUTH_ACL, 'auth_sticky' => AUTH_ACL, 'auth_announce' => AUTH_MOD, 'auth_vote' => AUTH_ACL, 'auth_pollcreate' => AUTH_ACL, ), 'private_hidden' => array( 'auth_view' => AUTH_ACL, 'auth_read' => AUTH_ACL, 'auth_post' => AUTH_ACL, 'auth_reply' => AUTH_ACL, 'auth_edit' => AUTH_ACL, 'auth_delete' => AUTH_ACL, 'auth_sticky' => AUTH_ACL, 'auth_announce' => AUTH_MOD, 'auth_vote' => AUTH_ACL, 'auth_pollcreate' => AUTH_ACL, ), 'moderator' => array( 'auth_view' => AUTH_ALL, 'auth_read' => AUTH_MOD, 'auth_post' => AUTH_MOD, 'auth_reply' => AUTH_MOD, 'auth_edit' => AUTH_MOD, 'auth_delete' => AUTH_MOD, 'auth_sticky' => AUTH_MOD, 'auth_announce' => AUTH_MOD, 'auth_vote' => AUTH_MOD, 'auth_pollcreate' => AUTH_MOD, ), 'moderator_hidden' => array( 'auth_view' => AUTH_MOD, 'auth_read' => AUTH_MOD, 'auth_post' => AUTH_MOD, 'auth_reply' => AUTH_MOD, 'auth_edit' => AUTH_MOD, 'auth_delete' => AUTH_MOD, 'auth_sticky' => AUTH_MOD, 'auth_announce' => AUTH_MOD, 'auth_vote' => AUTH_MOD, 'auth_pollcreate' => AUTH_MOD, ), ); if ($mode == 'start') { user_group_auth('guests', 'SELECT user_id, {GUESTS} FROM ' . USERS_TABLE . ' WHERE user_id = ' . ANONYMOUS, false); user_group_auth('registered', 'SELECT user_id, {REGISTERED} FROM ' . USERS_TABLE . ' WHERE user_id <> ' . ANONYMOUS . " AND group_id <> $bot_group_id", false); // Selecting from old table if (!empty($config['increment_user_id'])) { $auth_sql = 'SELECT user_id, {ADMINISTRATORS} FROM ' . $convert->src_table_prefix . 'users WHERE user_level = 1 AND user_id <> 1'; user_group_auth('administrators', $auth_sql, true); $auth_sql = 'SELECT ' . $config['increment_user_id'] . ' as user_id, {ADMINISTRATORS} FROM ' . $convert->src_table_prefix . 'users WHERE user_level = 1 AND user_id = 1'; user_group_auth('administrators', $auth_sql, true); } else { $auth_sql = 'SELECT user_id, {ADMINISTRATORS} FROM ' . $convert->src_table_prefix . 'users WHERE user_level = 1'; user_group_auth('administrators', $auth_sql, true); } if (!empty($config['increment_user_id'])) { $auth_sql = 'SELECT user_id, {GLOBAL_MODERATORS} FROM ' . $convert->src_table_prefix . 'users WHERE user_level = 1 AND user_id <> 1'; user_group_auth('global_moderators', $auth_sql, true); $auth_sql = 'SELECT ' . $config['increment_user_id'] . ' as user_id, {GLOBAL_MODERATORS} FROM ' . $convert->src_table_prefix . 'users WHERE user_level = 1 AND user_id = 1'; user_group_auth('global_moderators', $auth_sql, true); } else { $auth_sql = 'SELECT user_id, {GLOBAL_MODERATORS} FROM ' . $convert->src_table_prefix . 'users WHERE user_level = 1'; user_group_auth('global_moderators', $auth_sql, true); } } else if ($mode == 'first') { // Go through all 2.0.x forums foreach ($forum_access as $forum) { $new_forum_id = (int) $forum['forum_id']; // Administrators have full access to all forums whatever happens mass_auth('group_role', $new_forum_id, 'administrators', 'FORUM_FULL'); $matched_type = ''; foreach ($simple_auth_ary as $key => $auth_levels) { $matched = 1; foreach ($auth_levels as $k => $level) { if ($forum[$k] != $auth_levels[$k]) { $matched = 0; } } if ($matched) { $matched_type = $key; break; } } switch ($matched_type) { case 'public': mass_auth('group_role', $new_forum_id, 'guests', 'FORUM_LIMITED'); mass_auth('group_role', $new_forum_id, 'registered', 'FORUM_LIMITED_POLLS'); mass_auth('group_role', $new_forum_id, 'bots', 'FORUM_BOT'); break; case 'registered': mass_auth('group_role', $new_forum_id, 'guests', 'FORUM_READONLY'); mass_auth('group_role', $new_forum_id, 'bots', 'FORUM_BOT'); // no break; case 'registered_hidden': mass_auth('group_role', $new_forum_id, 'registered', 'FORUM_POLLS'); break; case 'private': case 'private_hidden': case 'moderator': case 'moderator_hidden': default: // The permissions don't match a simple set, so we're going to have to map them directly // No post approval for all, in 2.0.x this feature does not exist mass_auth('group', $new_forum_id, 'guests', 'f_noapprove', ACL_YES); mass_auth('group', $new_forum_id, 'registered', 'f_noapprove', ACL_YES); // Go through authentication map foreach ($auth_map as $old_auth_key => $new_acl) { // If old authentication key does not exist we continue // This is helpful for mods adding additional authentication fields, we need to add them to the auth_map array if (!isset($forum[$old_auth_key])) { continue; } // Now set the new ACL correctly switch ($forum[$old_auth_key]) { // AUTH_ALL case AUTH_ALL: mass_auth('group', $new_forum_id, 'guests', $new_acl, ACL_YES); mass_auth('group', $new_forum_id, 'bots', $new_acl, ACL_YES); mass_auth('group', $new_forum_id, 'registered', $new_acl, ACL_YES); break; // AUTH_REG case AUTH_REG: mass_auth('group', $new_forum_id, 'registered', $new_acl, ACL_YES); break; // AUTH_ACL case AUTH_ACL: // Go through the old group access list for this forum if (isset($group_access[$forum['forum_id']])) { foreach ($group_access[$forum['forum_id']] as $index => $access) { // We only check for ACL_YES equivalence entry if (isset($access[$old_auth_key]) && $access[$old_auth_key] == 1) { mass_auth('group', $new_forum_id, (int) $access['group_id'], $new_acl, ACL_YES); } } } if (isset($user_access[$forum['forum_id']])) { foreach ($user_access[$forum['forum_id']] as $index => $access) { // We only check for ACL_YES equivalence entry if (isset($access[$old_auth_key]) && $access[$old_auth_key] == 1) { mass_auth('user', $new_forum_id, (int) phpbb_user_id($access['user_id']), $new_acl, ACL_YES); } } } break; // AUTH_MOD case AUTH_MOD: if (isset($group_access[$forum['forum_id']])) { foreach ($group_access[$forum['forum_id']] as $index => $access) { // We only check for ACL_YES equivalence entry if (isset($access[$old_auth_key]) && $access[$old_auth_key] == 1) { mass_auth('group', $new_forum_id, (int) $access['group_id'], $new_acl, ACL_YES); } } } if (isset($user_access[$forum['forum_id']])) { foreach ($user_access[$forum['forum_id']] as $index => $access) { // We only check for ACL_YES equivalence entry if (isset($access[$old_auth_key]) && $access[$old_auth_key] == 1) { mass_auth('user', $new_forum_id, (int) phpbb_user_id($access['user_id']), $new_acl, ACL_YES); } } } break; } } break; } } } else if ($mode == 'second') { // Assign permission roles and other default permissions // guests having u_download and u_search ability $db->sql_query('INSERT INTO ' . ACL_GROUPS_TABLE . ' (group_id, forum_id, auth_option_id, auth_role_id, auth_setting) SELECT ' . get_group_id('guests') . ', 0, auth_option_id, 0, 1 FROM ' . ACL_OPTIONS_TABLE . " WHERE auth_option IN ('u_', 'u_download', 'u_search')"); // administrators/global mods having full user features mass_auth('group_role', 0, 'administrators', 'USER_FULL'); mass_auth('group_role', 0, 'global_moderators', 'USER_FULL'); // By default all converted administrators are given full access mass_auth('group_role', 0, 'administrators', 'ADMIN_FULL'); // All registered users are assigned the standard user role mass_auth('group_role', 0, 'registered', 'USER_STANDARD'); mass_auth('group_role', 0, 'registered_coppa', 'USER_STANDARD'); // Instead of administrators being global moderators we give the MOD_FULL role to global mods (admins already assigned to this group) mass_auth('group_role', 0, 'global_moderators', 'MOD_FULL'); // And now those who have had their avatar rights removed get assigned a more restrictive role $sql = 'SELECT user_id FROM ' . $convert->src_table_prefix . 'users WHERE user_allowavatar = 0 AND user_id > 0'; $result = $src_db->sql_query($sql); while ($row = $src_db->sql_fetchrow($result)) { mass_auth('user_role', 0, (int) phpbb_user_id($row['user_id']), 'USER_NOAVATAR'); } $src_db->sql_freeresult($result); // And the same for those who have had their PM rights removed $sql = 'SELECT user_id FROM ' . $convert->src_table_prefix . 'users WHERE user_allow_pm = 0 AND user_id > 0'; $result = $src_db->sql_query($sql); while ($row = $src_db->sql_fetchrow($result)) { mass_auth('user_role', 0, (int) phpbb_user_id($row['user_id']), 'USER_NOPM'); } $src_db->sql_freeresult($result); } else if ($mode == 'third') { // And now the moderators // We make sure that they have at least standard access to the forums they moderate in addition to the moderating permissions $mod_post_map = array( 'auth_announce' => 'f_announce', 'auth_sticky' => 'f_sticky' ); foreach ($user_access as $forum_id => $access_map) { $forum_id = (int) $forum_id; foreach ($access_map as $access) { if (isset($access['auth_mod']) && $access['auth_mod'] == 1) { mass_auth('user_role', $forum_id, (int) phpbb_user_id($access['user_id']), 'MOD_STANDARD'); mass_auth('user_role', $forum_id, (int) phpbb_user_id($access['user_id']), 'FORUM_STANDARD'); foreach ($mod_post_map as $old => $new) { if (isset($forum_access[$forum_id]) && isset($forum_access[$forum_id][$old]) && $forum_access[$forum_id][$old] == AUTH_MOD) { mass_auth('user', $forum_id, (int) phpbb_user_id($access['user_id']), $new, ACL_YES); } } } } } foreach ($group_access as $forum_id => $access_map) { $forum_id = (int) $forum_id; foreach ($access_map as $access) { if (isset($access['auth_mod']) && $access['auth_mod'] == 1) { mass_auth('group_role', $forum_id, (int) $access['group_id'], 'MOD_STANDARD'); mass_auth('group_role', $forum_id, (int) $access['group_id'], 'FORUM_STANDARD'); foreach ($mod_post_map as $old => $new) { if (isset($forum_access[$forum_id]) && isset($forum_access[$forum_id][$old]) && $forum_access[$forum_id][$old] == AUTH_MOD) { mass_auth('group', $forum_id, (int) $access['group_id'], $new, ACL_YES); } } } } } // We grant everyone readonly access to the categories to ensure that the forums are visible $sql = 'SELECT forum_id, forum_name, parent_id, left_id, right_id FROM ' . FORUMS_TABLE . ' ORDER BY left_id ASC'; $result = $db->sql_query($sql); $parent_forums = $forums = array(); while ($row = $db->sql_fetchrow($result)) { if ($row['parent_id'] == 0) { mass_auth('group_role', $row['forum_id'], 'administrators', 'FORUM_FULL'); mass_auth('group_role', $row['forum_id'], 'global_moderators', 'FORUM_FULL'); $parent_forums[] = $row; } else { $forums[] = $row; } } $db->sql_freeresult($result); global $auth; // Let us see which groups have access to these forums... foreach ($parent_forums as $row) { // Get the children $branch = $forum_ids = array(); foreach ($forums as $key => $_row) { if ($_row['left_id'] > $row['left_id'] && $_row['left_id'] < $row['right_id']) { $branch[] = $_row; $forum_ids[] = $_row['forum_id']; continue; } } if (sizeof($forum_ids)) { // Now make sure the user is able to read these forums $hold_ary = $auth->acl_group_raw_data(false, 'f_list', $forum_ids); if (empty($hold_ary)) { continue; } foreach ($hold_ary as $g_id => $f_id_ary) { $set_group = false; foreach ($f_id_ary as $f_id => $auth_ary) { foreach ($auth_ary as $auth_option => $setting) { if ($setting == ACL_YES) { $set_group = true; break 2; } } } if ($set_group) { mass_auth('group', $row['forum_id'], $g_id, 'f_list', ACL_YES); } } } } } }
/** * Convert authentication * user, group and forum table has to be filled in order to work */ function phpbb_convert_authentication($mode) { global $db, $src_db, $same_db, $convert, $phpbb_root_path, $phpEx; if ($mode == 'start') { $db->sql_query($convert->truncate_statement . ACL_USERS_TABLE); $db->sql_query($convert->truncate_statement . ACL_GROUPS_TABLE); // Grab users with admin permissions $sql = "SELECT uid, permissions FROM {$convert->src_table_prefix}adminoptions WHERE uid >= 1"; $result = $src_db->sql_query($sql); $admins = $founders = array(); while ($row = $src_db->sql_fetchrow($result)) { $user_id = (int) phpbb_user_id($row['uid']); $permissions = unserialize($row['permissions']); $admins[] = $user_id; if ($permissions['user']['admin_permissions']) { $founders[] = $user_id; } } $src_db->sql_freeresult($result); // We'll set the users that can manage admin permissions as founders. $sql = 'UPDATE ' . USERS_TABLE . ' SET user_type = ' . USER_FOUNDER . " WHERE " . $db->sql_in_set('user_id', $founders); $db->sql_query($sql); $bot_group_id = get_group_id('bots'); user_group_auth('guests', 'SELECT user_id, {GUESTS} FROM ' . USERS_TABLE . ' WHERE user_id = ' . ANONYMOUS, false); user_group_auth('registered', 'SELECT user_id, {REGISTERED} FROM ' . USERS_TABLE . ' WHERE user_id <> ' . ANONYMOUS . " AND group_id <> $bot_group_id", false); $auth_sql = 'SELECT user_id, {ADMINISTRATORS} FROM ' . USERS_TABLE . ' WHERE ' . $db->sql_in_set('user_id', $admins); user_group_auth('administrators', $auth_sql, false); $auth_sql = 'SELECT user_id, {GLOBAL_MODERATORS} FROM ' . USERS_TABLE . ' WHERE ' . $db->sql_in_set('user_id', $admins); user_group_auth('global_moderators', $auth_sql, false); if (!function_exists('group_set_user_default')) { include($phpbb_root_path . 'includes/functions_user.' . $phpEx); } // Set the admin group as their default group. group_set_user_default(get_group_id('administrators'), $admins); } else if ($mode == 'first') { // Assign permission roles and other default permissions // guests having u_download and u_search ability $db->sql_query('INSERT INTO ' . ACL_GROUPS_TABLE . ' (group_id, forum_id, auth_option_id, auth_role_id, auth_setting) SELECT ' . get_group_id('guests') . ', 0, auth_option_id, 0, 1 FROM ' . ACL_OPTIONS_TABLE . " WHERE auth_option IN ('u_', 'u_download', 'u_search')"); // administrators/global mods having full user features mass_auth('group_role', 0, 'administrators', 'USER_FULL'); mass_auth('group_role', 0, 'global_moderators', 'USER_FULL'); // By default all converted administrators are given full access mass_auth('group_role', 0, 'administrators', 'ADMIN_FULL'); // All registered users are assigned the standard user role mass_auth('group_role', 0, 'registered', 'USER_STANDARD'); mass_auth('group_role', 0, 'registered_coppa', 'USER_STANDARD'); // Instead of administrators being global moderators we give the MOD_FULL role to global mods (admins already assigned to this group) mass_auth('group_role', 0, 'global_moderators', 'MOD_FULL'); } }