1
djayc2104
Need a answer to the following question please!
  • 2006/11/18 0:36

  • djayc2104

  • Just popping in

  • Posts: 40

  • Since: 2006/9/26


Hi,
Im in the final stages of my new module testing phase and just need a quick answer to my question if possible please.
The question is:
Everytime a user clicks the link into my new module, all the users seem to get admin rights to the rest of the site and when they come out of my module the admin rights stay.

Can anyone give me an answer to the question please.

Thanks in advance

Dave.

2
m0nty
Re: Need a answer to the following question please!
  • 2006/11/18 0:51

  • m0nty

  • XOOPS is my life!

  • Posts: 3337

  • Since: 2003/10/24


could be anything.

bad coding, bugs somewhere, improperly set permissions.. without seeing the module code, i doubt any1 could tell you where to start.

3
djayc2104
Re: Need a answer to the following question please!
  • 2006/11/18 1:11

  • djayc2104

  • Just popping in

  • Posts: 40

  • Since: 2006/9/26


Hi,
Posted my index code, have a look see if you can see a prob
<?php
require_once('../../mainfile.php');
include_once ('../../header.php');
global $xoopsUser, $xoopsDB;

$tpl = new XoopsTpl();
if(!is_object($xoopsUser)) {
redirect_header(XOOPS_URL, 0, _NOPERM);
}

$sql = $xoopsDB->query("SELECT groupid FROM ".$xoopsDB->prefix('groups')." WHERE name='Affiliate'");

list($groupid) = $xoopsDB->fetchRow($sql);
$uid = $xoopsUser->getVar("uid");
$uname = $xoopsUser->getVar("uname");

$sql = $xoopsDB->query("SELECT payment FROM ".$xoopsDB->prefix('affiliate_perc')." WHERE payid=1");
list($payment) = $xoopsDB->fetchRow($sql);

$linkurl = substr(md5(uniqid(mt_rand(), 1)),0 ,8);

$tpl->append('affs', array(
'uid'=>$uid,
'uname'=>$uname,
'linkurl'=>$linkurl,
'payment'=>$payment,
'groupid'=>$groupid));

$tpl->display(XOOPS_ROOT_PATH . "/modules/affiliate/templates/affiliate_index.html");

include "../../footer.php";

Can you tell anything from this.
all permissions to the module have been set correctly
im using XOOPS 2.0.15 with the new form.php uploaded.
Thanks
Dave

4
djayc2104
Re: Need a answer to the following question please!
  • 2006/11/18 1:28

  • djayc2104

  • Just popping in

  • Posts: 40

  • Since: 2006/9/26


hi,
Just to let you know, it happens the same with the module Wordpress. As a user you link into the module and it gives all users onsite, admin rights.
Thanks

Dave

5
m0nty
Re: Need a answer to the following question please!
  • 2006/11/18 1:37

  • m0nty

  • XOOPS is my life!

  • Posts: 3337

  • Since: 2003/10/24


i can't see anything in there that deals with permissions..

also a few other pointers >

you should use include_once() instead of require_once for mainfile.php

instead of having $uname = ..........

you could omit that and use >

'uname'=> xoops_getLinkedUnameFromId($this->getVar('uid'));

i'm not that experienced with PHP, but i think you would need to have someone look at the whole module code itself to figure out the issue. i can't tell just from looking at that.

6
Mithrandir
Re: Need a answer to the following question please!

Sorry m0nty, but I have to rebuff what you say here.

Quote:

you should use include_once() instead of require_once for mainfile.php

Include or require is not important here, if the include cannot find the mainfile.php, the $xoopsDB call will throw a fatal error anyway.

Quote:

instead of having $uname = ..........

you could omit that and use >

'uname'=> xoops_getLinkedUnameFromId($this->getVar('uid'));

First off, $this is not defined when in the global scope, so this will throw a fatal error.
Secondly, there is absolutely no need to make another database call when you already have the information you want in the $xoopsUser object, so what he is doing is correct.

Quote:

$tpl = new XoopsTpl();

on the other hand is wrong. You do not manually instantiate the XoopsTpl object as it is done in header.php

Quote:

$sql = $xoopsDB->query("SELECT groupid FROM ".$xoopsDB->prefix('groups')." WHERE name='Affiliate'");

Strictly speaking, what you have is not an SQL statement in the variable, but a DB resultset, so calling the variable $sql is misleading.
Also, querying the groups table directly instead of through the group or member handler class is a nono.
AND querying for a hardcoded group name is... in the lack of a better term... poor. You could use a module configuration option for selecting the proper group.

Quote:

$tpl->append('affs', array(
'uid'=>$uid,
'uname'=>$uname,
'linkurl'=>$linkurl,
'payment'=>$payment,
'groupid'=>$groupid));

No biggie, but append() adds another dimension to the array in Smarty, which is only really useful, when you call it several times. In this case, it would make the template easier to follow if you use assign()

Quote:
$tpl->display(XOOPS_ROOT_PATH . "/modules/affiliate/templates/affiliate_index.html");

Again, not needed. Just set $xoopsOption['template_main'] = "affiliate_index.html";
preferably before including header.php

Quote:
users seem to get admin rights to the rest of the site and when they come out of my module the admin rights stay.

Can you detail it more? Are people actually getting admin rights or does the "Administration menu" link just turn up in their user menu? What can they admin?
"When you can flatten entire cities at a whim, a tendency towards quiet reflection and seeing-things-from-the-other-fellow's-point-of-view is seldom necessary."

Cusix Software

7
djayc2104
Re: Need a answer to the following question please!
  • 2006/11/18 11:02

  • djayc2104

  • Just popping in

  • Posts: 40

  • Since: 2006/9/26


Hi,
Cheers for all that mithrandir.
I havent used XOOPS long so I dont know how to call the group yet through XOOPS so that is why I used a hard call to the DB.
The user is getting admin rights to my module only in the admin screen not the rest.
How do I stop this from happing?
and ok I am a newbie who is reading the manual and then trying to put together my module.

Thanks again for all your responses

Dave

8
tripmon
Re: Need a answer to the following question please!
  • 2006/11/18 11:46

  • tripmon

  • Module Developer

  • Posts: 462

  • Since: 2004/2/28


Are you POSITIVE that you have not provided admin access to the module(s) to a group other than admins via Admin Section->System Admin->Groups ?

Cick Modify on all the groups you have (other than Webmaster) and look at the 'System Admin rights' under 'Description'... remove any checkmarks here.... only the Webmaster group should have access.

HTH

9
djayc2104
Re: Need a answer to the following question please!
  • 2006/11/18 11:55

  • djayc2104

  • Just popping in

  • Posts: 40

  • Since: 2006/9/26


Hi,
Thanks for your response Tripmon

I will try that when I get home after finishing work and will post if it worked or not.

Once again thanks to everyone for there responses.

Can someone post a quick response regarding how to use the group of member handler because I am hard calling a group name instead of what is used in xoops.

Being a php programmer that is all I know how to do it.

Thanks

Dave

Login

Who's Online

226 user(s) are online (115 user(s) are browsing Support Forums)


Members: 0


Guests: 226


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Mar 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits