Page 1 of 1

Not reading rights correctly

Posted: Thu Sep 08, 2005 10:29 pm
by Fractal

Code: Select all

if (!iADMIN || $userdata['user_rights'] == "")
fallback("../index.php");

if (!isset($pagenum) || !isNum($pagenum))
$pagenum = 1;

// Find out which panels and pages the admin can access
$usr_rghts = " (admin_rights='".str_replace(".", "' OR admin_rights='", $userdata['user_rights'])."')";
$page1 = dbcount("(*)", "admin", $usr_rghts." AND admin_link!='reserved' AND admin_page='1'");
$page2 = dbcount("(*)", "admin", $usr_rghts." AND admin_link!='reserved' AND admin_page='2'");
$page3 = dbcount("(*)", "admin", $usr_rghts." AND admin_link!='reserved' AND admin_page='3'");
$page4 = dbcount("(*)", "admin", $usr_rghts." AND admin_link!='reserved' AND admin_page='4'");

// Work out which tab is the active default
if ($page1)
{
  $default = 1;
}
elseif ($page2)
{
  $default = 2;
}
elseif ($page3)
{
  $default = 3;
}
elseif ($page4)
{
  $default = 4;
}
else
{
  fallback("../index.php");
}

// Ensure the admin is allowed to access the selected page
$pageon = true;
if ($pagenum == 1 && !$page1)
$pageon = false;

if ($pagenum == 2 && !$page2)
$pageon = false;

if ($pagenum == 3 && !$page3)
$pageon = false;

if ($pagenum == 4 && !$page4)
$pageon = false;

if ($pageon == false)
redirect("index.php?pagenum=$default");
It's my main admin page.. It's not reading my user permissions or not reading them correctly.. So it redirects me to my fallback page.

Any ideas? I've been looking all day and I haven't seen anything.

Re: Not reading rights correctly

Posted: Fri Sep 09, 2005 2:56 am
by timvw
Fractal wrote:

Code: Select all

if (!iADMIN || $userdata['user_rights'] == "")
fallback("../index.php");
Prepend the following to your scripts when developping:

Code: Select all

ini_set('error_reporting', E_ALL);
ini_set('display_errors', TRUE);
PHP will probably complain about iADMIN...

Re: Not reading rights correctly

Posted: Fri Sep 09, 2005 3:08 am
by Fractal
timvw wrote:
Fractal wrote:

Code: Select all

if (!iADMIN || $userdata['user_rights'] == "")
fallback("../index.php");
Prepend the following to your scripts when developping:

Code: Select all

ini_set('error_reporting', E_ALL);
ini_set('display_errors', TRUE);
PHP will probably complain about iADMIN...
Nope.. It doesn't complain about it.

Posted: Fri Sep 09, 2005 4:33 am
by raghavan20

Code: Select all

if (!iADMIN || $userdata['user_rights'] == "") 
fallback("../index.php");
I think you can not really know the result of !iADMIN. i think its not the best way to code the if condition.
put something like

Code: Select all

if (!iADMIN == 0 || $userdata['user_rights'] == "") 
fallback("../index.php"); 

//or


if (!iADMIN == 1 || $userdata['user_rights'] == "") 
fallback("../index.php");
i can blindly say that this if condition overrides the other if conditions as this is the first one. may be you take this if condition off for a while and try to see, if you get the priveleges right.

Re: Not reading rights correctly

Posted: Fri Sep 09, 2005 6:16 am
by Roja
Fractal wrote:Nope.. It doesn't complain about it.
If not, then where is iADMIN defined, and what is it defined as?

Re: Not reading rights correctly

Posted: Fri Sep 09, 2005 2:47 pm
by Fractal
Roja wrote:
Fractal wrote:Nope.. It doesn't complain about it.
If not, then where is iADMIN defined, and what is it defined as?
It's defined in the configuration file to check if a user is logged in and what his user level is.

define("iADMIN", $userdata['user_level'] >= 102 ? 1 : 0);