Here is the code which checks for private forums and allowed access (from topic.asp):
if mLev = 4 then
AdminAllowed = 1
ForumChkSkipAllowed = 1
elseif mLev = 3 then
if chkForumModerator(Forum_ID, chkString(strDBNTUserName,"decode")) = "1" then
AdminAllowed = 1
ForumChkSkipAllowed = 1
else
if lcase(strNoCookies) = "1" then
AdminAllowed = 1
ForumChkSkipAllowed = 0
else
AdminAllowed = 0
ForumChkSkipAllowed = 0
end if
end if
elseif lcase(strNoCookies) = "1" then
AdminAllowed = 1
ForumChkSkipAllowed = 0
else
AdminAllowed = 0
ForumChkSkipAllowed = 0
end if
if strPrivateForums = "1" and (Request.Form("Method_Type") <> "login") and (Request.Form("Method_Type") <> "logout") and ForumChkSkipAllowed = 0 then
result = ChkForumAccess(Forum_ID, MemberID, true)
end if
The function ChkForumAccess can be found in inc_func_secure.asp.