1
toolsmythe
Question about $GLOBALS['xoopsSecurity']->check()
  • 2006/6/22 15:42

  • toolsmythe

  • Just popping in

  • Posts: 34

  • Since: 2004/11/27


Greetings.

I apologise, this is not a true development question. It does involve the internals of XOOPS security however and I was not getting any responses posting in some of the other forums. I hope that by posting here, someone with knowledge of XOOPS internals might be able to help.

Can someone please explain to me what this is doing?

if (!$GLOBALS['xoopsSecurity']->check()) {
    
redirect_header($_POST['not_redirect'], 3implode(''$GLOBALS['xoopsSecurity']->getErrors()));
    exit();
}


More specifically, what is the call to $GLOBALS['xoopsSecurity']->check() doing?

I just noticed that on one of my sites, I cannot register a request to be notified of events (like the Global "Notify me of blah blah blah" or sub-global-level like "Notify me when a new comment is posted for this item.").

When I hit "Update Now", it winds up re-directing me without saving the notification request.

I've traced it through this far:

When I hit "Update Now", the form executes notification_update.php from the XOOPS root.

I get as far as this section of notification_update.php:

if (!$GLOBALS['xoopsSecurity']->check()) {
    
redirect_header($_POST['not_redirect'], 3implode(''$GLOBALS['xoopsSecurity']->getErrors()));
    exit();
}


where it takes the "true" path.

The call to $GLOBALS['xoopsSecurity']->getErrors() is returning an empty array (as near as I can tell).

I don't know enough about the internals of XOOPS to understand why this is failing. I have this working properly on another site. The biggest difference I can see between the two sites is the site that is working was a full install of XOOPS 2.0.13 whereas the site with broken notification is an upgrade to XOOPS 2.0.13.

Any help would be much appreciated. Thanks.

JP

2
scoobster
Re: Question about $GLOBALS['xoopsSecurity']->check()
  • 2006/6/22 15:54

  • scoobster

  • Just popping in

  • Posts: 28

  • Since: 2005/2/5 1


I don't know if this is going to help you, but the ->check() part is checking whether there is a valid $_REQUEST['XOOPS_TOKEN_REQUEST'] posted as part of your form. There should be a hidden field with it in within each form. If it isn't there the validation fails and you get the re-direct you're experiencing.

This function is in /class/xoopssecurity.php if you care to take a look.

3
toolsmythe
Re: Question about $GLOBALS['xoopsSecurity']->check()
  • 2006/6/22 16:58

  • toolsmythe

  • Just popping in

  • Posts: 34

  • Since: 2004/11/27


That's it!

It's there in the default template set, but not in the clone I made.

After I upgraded I re-generated all the templates that were marked. I guess maybe I still don't understand the upgrad process fully.

Why arent these changes reflected in my cloned templates and what do I need to do to get them there?

Thank you *SO* much!!

jp

Login

Who's Online

416 user(s) are online (321 user(s) are browsing Support Forums)


Members: 0


Guests: 416


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits