Ravens PHP Scripts: Forums
 

 

Ravens PHP Scripts And Web Hosting Forum Index -> Public Testing of RavenNuke(tm) v2.10.00
steak
New Member
Joined: Sep 18, 2006
Posts: 3

Posted: Sun Dec 31, 2006 10:04 am

Notice: Undefined offset: 1 in /home/ravennuk/public_html/modules/Your_Account/index.php on line 934

when clicking Logout without being signed in
 
fkelly
Former Moderator in Good Standing
Joined: Aug 30, 2005
Posts: 3312
Location: near Albany NY

Posted: Sun Dec 31, 2006 1:44 pm

I take it this is when using the logout from the top "bar" in the fisubice theme? Normally you don't get a chance to logout if you aren't logged in but I think leaving it exposed and essentially hardcoded on the theme header is what's causing this. I just wanted to confirm that this is how it happened because I wasn't able to simulate it using other themes on my test site.

I can see where the problem occurs in your account, it tries to decode a cookie for a user and there is none. However, the weighty question for Raven is whether it would be better to capture this at the theme level and prevent it from ever getting to your account.
 
steak

Posted: Sun Dec 31, 2006 1:49 pm

Yes that's exactly right, it was the top bar in fisubice. Sorry for not clarifying that in the first place.
 
fkelly

Posted: Sun Dec 31, 2006 2:10 pm

No problem, if I had to guess Raven will just choose to remove the logout button if $username = anonymous. Part of the top bar already sets precedent for that by only showing the admin menu if the user is an admin. And there is already logic for testing whether the $username = anonymous so it's a straight shot.

Good catch.
 
fkelly

Posted: Sun Dec 31, 2006 2:23 pm

Sometimes I think it might help to post something about this testing process so that all can appreciate what it takes Raven and his team to get to 2.10. After the above I started to go thru the other themes to see if any others had hard coded logout buttons on the top line. Well the problem only occurs as anonymous. And you can't be on as anonymous and flip thru the themes because you have to go to your account to do so and you don't have an account. So I had to be logged on in another window as admin and keep changing the default theme for the test site in preferences so the anonymous in the other window would be able to try the different themes. Got to 3d Fantasy and there was a notice error with anonymous that we'd never noticed. Fixed that after a couple tries and went to change preferences to the next theme. Well somehow I logged out of the admin session on my admin window and went to click on admin in the other window and got myself banned by sentinel from my own site. So now that's where it stands. Recovering from it is no big deal due to phpmyadmin and knowing where the banned ips go but if anyone is wondering why it takes so long to get a release out ...
 
gotcha
Regular
Joined: Mar 14, 2005
Posts: 91

Posted: Sun Dec 31, 2006 2:46 pm

Just a thought, but shouldn't the logout routine contain something like this...
cause even if the link isn't there doesn't mean it won't get accessed....

Code:


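// Not logged in: send the visitor to the home page and stop,
// so the logout code further down never runs.
if (!is_user($user))
{
  header('Location: index.php');
  exit;
}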
 
fkelly

Posted: Sun Dec 31, 2006 3:04 pm

Not sure what you mean gotcha. If there is no link to your account for logging out on the theme how would they access it? It's always my belief that the most user-friendly approach is to catch these things before they happen. If someone is anonymous and they are visiting the site then they have no option to log out so you shouldn't present it to them. That sure beats giving them the link and letting them try it and then programming some clever "nah nah, you can't do that stupid, you are anonymous".
 
Guardian2003
Site Admin
Joined: Aug 28, 2003
Posts: 6799
Location: Ha Noi, Viet Nam

Posted: Sun Dec 31, 2006 9:03 pm

I see where you are going with that gotcha - if the user is anonymous and they try to cheat by typing the url directly in the browser it would take them back to index rather than trying to process the log-out function - even though it would fail anyway.
 
fkelly

Posted: Mon Jan 01, 2007 8:20 am

Well, yes, I suppose if a user is crazy enough to go up to the address bar and type: "http://yoursite.com/html/modules.php?name=your_account&op=logout" they could generate an error. And I suppose your_account should be programmed to protect against this.

Still I think the more important point is that the logout option shouldn't be shown in the header of a theme for someone who is not logged in. That's inviting them to make a mistake. If I only had time to correct one of the two "errors" I'd correct the second one first -- and am working on it.
 
Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 17088

Posted: Mon Jan 01, 2007 12:41 pm

I modified the routine in Your_Account/index.php. See if that gets rid of the Notice.
 
fkelly

Posted: Mon Jan 01, 2007 1:16 pm

Well first time I tried it, it didn't work. But of course that was because I hadn't downloaded the change nor uploaded it to my site. Now it works :)
 
Raven

Posted: Mon Jan 01, 2007 3:02 pm

gotcha,

I'll probably incorporate your routine or a slight variation. Thanks!
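
The two server-side points raised in this thread (decoding a user cookie that is not there, and a logout operation reached by direct URL), as an added example that is not RavenNuke's code or any poster's. The cookie layout `base64("uid:username:passhash")` and the function names `decode_user_cookie` and `handle_logout` are assumptions made for illustration.

```php
<?php
// Added example, not RavenNuke code. Assumed cookie layout (constructed for
// illustration): base64("uid:username:passhash"). Function names are hypothetical.

// Decode the user cookie defensively; null means "treat as anonymous".
function decode_user_cookie(?string $raw): ?array
{
    if ($raw === null || $raw === '') {
        return null;                      // no cookie at all: nothing to decode
    }
    $decoded = base64_decode($raw, true); // strict mode rejects non-base64 input
    if ($decoded === false) {
        return null;
    }
    $parts = explode(':', $decoded, 3);
    if (count($parts) !== 3 || !ctype_digit($parts[0]) || $parts[1] === '') {
        return null;                      // short array: never index $parts[1] blindly
    }
    return $parts;
}

// Decide what op=logout should do for this request. The decision is
// returned rather than sent, so the logic can be exercised without HTTP.
function handle_logout(?string $rawCookie): array
{
    $user = decode_user_cookie($rawCookie);
    if ($user === null) {
        // Reached without a valid session (e.g. URL typed by hand): redirect and stop.
        return ['action' => 'redirect', 'location' => 'index.php'];
    }
    return ['action' => 'logout', 'username' => $user[1]];
}

// Constructed sample inputs: no cookie, garbage, a one-field value, a valid value.
$samples = [null, '%%%', base64_encode('42'), base64_encode('42:alice:examplehash')];
foreach ($samples as $cookie) {
    $result = handle_logout($cookie);
    if ($result['action'] === 'redirect') {
        // In a live handler this is: header('Location: index.php'); exit;
        echo "redirect -> {$result['location']}\n";
    } else {
        echo "logout {$result['username']}\n";
    }
}
```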
 
All times are GMT - 6 Hours
 