Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> Raven's RavenNuke(tm) v2.02.02 Distro
Author Message
Enforcer
New Member
New Member


Joined: Aug 19, 2006
Posts: 23
Location: Timisoara, Romania

PostPosted: Tue Aug 22, 2006 6:14 am Reply with quote

I;ve noticed links from modules block can be be accesesd by any registered user even modules are set to a specific group.
(Regardless points of user any module can be accessed).
in file html/modules.php line 50
find
Quote:
} elseif($view == 1 AND (is_user($user) OR is_group($user, $name) OR is_admin($admin))) {

replace with
Quote:
} elseif($view == 1 AND (is_user($user) AND is_group($user, $name) OR is_admin($admin))) {


In this way modules will be accesible by points of user as they should be.
 
View user's profile Send private message Visit poster's website
montego
Site Admin


Joined: Aug 29, 2004
Posts: 9449
Location: Arizona

PostPosted: Tue Aug 22, 2006 6:47 am Reply with quote

This edit is not right. Are you sure that you were not logged in as admin when you were testing this. The original code is proper I believe.

_________________
Only registered users can see links on this board! Get registered or login!
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
montego
PostPosted: Tue Aug 22, 2006 6:52 am Reply with quote

BTW, I am looking at this more closely now. Neither approach looks right to me right now... give me a bit.
 
montego
PostPosted: Tue Aug 22, 2006 6:56 am Reply with quote

Ok, I've looked at the function definition for is_group and the original code is working properly. Please make sure you were not logged in as admin AND also check the Edit Groups/Points and check to see if the module points is still 0.
 
Enforcer
PostPosted: Tue Aug 22, 2006 6:58 am Reply with quote

I'm very sure.
Maybe my english is not good enough to cleary explain, but I see like this:
is_user($user) OR is_group($user, $name)
acces will be granted no matter if user belong to a group cuz is_user($user) - first condition accomplished, ignored second
(is_user($user) AND is_group($user, $name)
acces will be granted only if user is user AND belong to a group
(function is_group define if user is on a group or not)
Besides I tested this with 3 groups defined and different user with different amount of points and is working right.(regarding modules access, hope it wont screw up something in other place - but I didn't noticed such thing)
 
montego
PostPosted: Tue Aug 22, 2006 7:07 am Reply with quote

Oh, I see it now... Embarassed

However, for clarity sake, I added an additional set of parenthesise, even though I believe based on the PHP execution rules it would be working just fine.:

} elseif($view == 1 AND ((is_user($user) AND is_group($user, $name)) OR is_admin($admin))) {

If you agree, I will also make that change to the upcoming 2.10.00 release code.
 
Enforcer
PostPosted: Tue Aug 22, 2006 7:16 am Reply with quote

Just tested, is working also with additional set of parenthesise just fine.
Quote:
If you agree, I will also make that change to the upcoming 2.10.00 release code.

Of course I agree, that's why I try to find and correct problems, to have a better future version.
 
montego
PostPosted: Tue Aug 22, 2006 7:24 am Reply with quote

Enforcer, thanks for bringing this up!

Wave
 
Enforcer
PostPosted: Tue Aug 22, 2006 7:38 am Reply with quote

NP, if I'll find such issues I'll let you know Smile
As a side note, I started to work on a alternative mail sending using SSL (Gmail for example) for ppl that have mail() function disabled.
This present any interest or better let it go? (I ask this looking to skip activation patch - 40 views, 1 comment, 0 dowloads)
 
montego
PostPosted: Tue Aug 22, 2006 7:41 am Reply with quote

In case anyone is interested, for 2.10.00, the code was changed as follows:

Code:


      if ($view == 0) {
         $content .= '<strong><big>&middot;</big></strong>&nbsp;<a href="modules.php?name='.$m_title.'">'.$m_title2.'</a><br />';
      } elseif ($view == 1 AND ((is_user($user) AND is_group($user, $name)) OR is_admin($admin))) {  //RN0000119, RN0000317
         $content .= '<strong><big>&middot;</big></strong>&nbsp;<a href="modules.php?name='.$m_title.'">'.$m_title2.'</a><br />';
      } elseif ($view == 2 AND is_admin($admin)) {
         $content .= '<strong><big>&middot;</big></strong>&nbsp;<a href="modules.php?name='.$m_title.'">'.$m_title2.'</a><br />';
      } elseif ($view == 3 AND (paid() OR is_admin($admin))) {  //RN0000119, RN0000317
         $content .= '<strong><big>&middot;</big></strong>&nbsp;<a href="modules.php?name='.$m_title.'">'.$m_title2.'</a><br />';
      } elseif ($view > 3 AND in_groups($groups)) {
         $content .= '<strong><big>&middot;</big></strong>&nbsp;<a href="modules.php?name='.$m_title.'">'.$m_title2.'</a><br />';
      }


This had another bug fix in it where the admin was not seeing all of the modules as he/she should.
 
montego
PostPosted: Wed Nov 01, 2006 8:32 pm Reply with quote

Enforcer, are you sure that bit of code worked? The RavenNuke 2.10.00 QA Team found an issue with this. Are you sure this one line shouldn't be this?

} elseif ($view == 1 AND ((is_user($user) AND is_group($user, $m_title)) OR is_admin($admin)))
 
Enforcer
PostPosted: Wed Nov 01, 2006 8:44 pm Reply with quote

I am using this on 2.02.02 exactly as I initially posted and I have no problems at all, I am using groups since then, I have over 800 users and no one complained about groups not working.
In fact groups not working problem encoutered on first install of RN 2.02.02 leads me to this fix.
About
Code:
} elseif ($view == 1 AND ((is_user($user) AND is_group($user, $m_title)) OR is_admin($admin)))

dunno what to say, I don't think is working, but I have to try this first.
EDIT:
Maybe this formula is correct for new version as I don't know what is changed.
 
montego
PostPosted: Wed Nov 01, 2006 9:05 pm Reply with quote

Your original had is_group($user, $name), but $name really needs to be $m_title I think. $name will not have a value as far as I am able to tell so far.
 
Enforcer
PostPosted: Wed Nov 01, 2006 9:20 pm Reply with quote

Originally was
} elseif($view == 1 OR (is_user($user) OR is_group($user, $name) OR is_admin($admin))) {
And I replaced with
} elseif($view == 1 AND (is_user($user) OR is_group($user, $name) OR is_admin($admin))) {
Looking at
function is_user($user)
and
function is_group($user, $name)
I can't see any reference to $m_title, furthermore $m_title define modules title (title, custom title) and I can't see how is related to groups access.
 
montego
PostPosted: Wed Nov 01, 2006 9:31 pm Reply with quote

Your original post was related to group points system which is what I thought we were talking about. The function is_group() is looking to the have module name passed into it in the second parameter. The reason why is that it needs to check the user's points associated with the points group level that module requires in order to be visible to that user (I think - I don't claim to be a "points" expert, because I am more into NSN Groups myself).

If you look above this code right after where the sql fetch is done, the module title is being placed into the $m_title variable. At least that is the case with the 3.2/3.3 patches (possibly prior to, but not sure). So, I wonder if there is a patch difference here.

For what it is worth, here is the complete "fixed" code that I have for 2.10.00:

Code:


$result3 = $db->sql_query('SELECT * FROM ' . $prefix . '_modules WHERE active=1 AND title!=\''.$def_module.'\' AND inmenu=1 ORDER BY custom_title ASC');
while ($row3 = $db->sql_fetchrow($result3)) {
    $groups = $row3['groups'];
    $m_title = stripslashes($row3['title']);
    $custom_title = $row3['custom_title'];
    $view = intval($row3['view']);
    $m_title2 = ereg_replace('_', ' ', $m_title);
    if (!empty($custom_title)) {
        $m_title2 = $custom_title;
    }
    if ($m_title != $main_module) {
        if ($view == 0) {
            $content .= '<strong><big>&middot;</big></strong>&nbsp;<a href="modules.php?name='.$m_title.'">'.$m_title2.'</a><br />';
        } elseif ($view == 1 AND ((is_user($user) AND is_group($user, $m_title)) OR is_admin($admin))) {  //RN0000119, RN0000317
            $content .= '<strong><big>&middot;</big></strong>&nbsp;<a href="modules.php?name='.$m_title.'">'.$m_title2.'</a><br />';
        } elseif ($view == 2 AND is_admin($admin)) {
            $content .= '<strong><big>&middot;</big></strong>&nbsp;<a href="modules.php?name='.$m_title.'">'.$m_title2.'</a><br />';
        } elseif ($view == 3 AND (paid() OR is_admin($admin))) {  //RN0000119, RN0000317
            $content .= '<strong><big>&middot;</big></strong>&nbsp;<a href="modules.php?name='.$m_title.'">'.$m_title2.'</a><br />';
        } elseif ($view > 3 AND in_groups($groups)) {
            $content .= '<strong><big>&middot;</big></strong>&nbsp;<a href="modules.php?name='.$m_title.'">'.$m_title2.'</a><br />';
        }
    }
}
$db->sql_freeresult($result3);
 
Enforcer
PostPosted: Wed Nov 01, 2006 9:39 pm Reply with quote

Yes, about group points system I'm talking,
Like I said before, unfortuantelly I'm not good at explainig things and my english level don't help me either.
On top of that here is 5AM.
Sorry if I create any confusion.
I'll look into this myself and I'll report if I'll see problems.
 
Enforcer
PostPosted: Wed Nov 01, 2006 10:01 pm Reply with quote

I have tested in this way:
I replaced is_group($user, $name) with is_group($user, $m_title).
I set my points to a certain level, under minimum allowable points using a query.
UPDATE nuke_users SET points = 10 WHERE username= 'Enforcer';
I loged off as admin, loged in as user and I was able to access all modules regardless groups asignated.
I changed back to is_group($user, $name) and everithing worked as supposed.
You can test yourself, won't take more that 10 minutes, create 2-3 groups, assign 2-3 modules, set your points under lower group points, log off as admin, log in as user and see what's happend. Then put is_group($user, $name) back and try again.
You'll see yourself wich formula works.
 
montego
PostPosted: Thu Nov 02, 2006 6:35 am Reply with quote

Well, don't know what to tell you. Here is my setup and $name does not work but $m_title does:

1) Added Points Group "Group1" and gave it 10 points

2) Added new user "Test1" and gave him 0 points

3) Went into modules administration, set Encyclopedia as "Registered Users Only" (which is required for the points system to work) and then selected points group "Group1".

With $name here is what I saw:

a) Logged out of admin and Encyclopedia does not show (good)

b) Logged in as Test1 and Encyclopedia shows (remember that my user has 0 points at this point in time). (bad)

With $m_title here is what I get:

a) Still logged out of admin and logged out of "Test1".

b) Encyclopedia does not show in the block (good).

c) Logged in as "Test1" and Encyclopedia does NOT show in the block (good).

d) Edit nuke_users table and set Test1's points to 15.

e) Refreshed the brower, and now Encyclopedia shows in the block (good).

Enforcer, I don't know what or how you are testing, but both Raven and I have validated (with a debugger tool) that $name is undefined within this block of code and therefore should not work. My testing validates this as well.
 
Enforcer
PostPosted: Thu Nov 02, 2006 6:44 am Reply with quote

I was testing in same way as you.
It look like somewhere is a difference in codes we are testing, but can't see where.
Obviously you should use what is working on new version.
Also if you want I can give you full access to my instalation files and database to see I don't telling you crap.
 
Display posts from previous:       
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> Raven's RavenNuke(tm) v2.02.02 Distro

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©