1
Twiztid
Admin Rights
  • 2006/11/27 20:28

  • Twiztid

  • Just popping in

  • Posts: 49

  • Since: 2006/7/21


Hey everyone,

Ok -- you don't need experience with the module to help me, but I am using the "Realty" module, and I want to make it so ANONYMOUS users have Admin rights to the module.

The reason for this is:

The admin panel requires a seperate login that can be found at domain-name/modules/realty/admin.php

I have given REGISTERED USERS admin rights to the module and it works fine.

However, when I give ANONYMOUS users admin rights to the module, when you go to the above URL it says "Sorry, you do not have permission to access this module".

In the "admin_header.php" file of this module we've found this section of code which is relevant:


include("../../../mainfile.php");
include_once(XOOPS_ROOT_PATH."/class/xoopsmodule.php");
include(XOOPS_ROOT_PATH."/include/cp_functions.php");
if ( $xoopsUser ) {
$xoopsModule = XoopsModule::getByDirname("realty");
if ( !$xoopsUser->isAdmin($xoopsModule->mid()) ) {
redirect_header(XOOPS_URL."/",3,_NOPERM);
exit();
}
} else {
redirect_header(XOOPS_URL."/",3,_NOPERM);
exit();
}
if ( @file_exists("../../../language/".$xoopsConfig['language']."/admin.php") ) {
include("../../../language/".$xoopsConfig['language']."/admin.php");
} else {
include("../../../language/english/admin.php");
}
?>

I have been told that "3" is the anonymous user group, which makes me believe this code is saying "if the user is from the anonymous group, forward him to a NO PERMISSION page".

If ANYONE knows what changes to make to allow anonymous users admin access to this module, please help me :)

Yes, I know it's BAD to allow Anymous users admin rights -- but since this module requires you to login twice, it makes sense.

Thank you,

Jamie

2
Quest
Re: Admin Rights
  • 2006/11/27 20:41

  • Quest

  • Friend of XOOPS

  • Posts: 1034

  • Since: 2005/11/19


What Realty module are you using?

Have you checked in the preferences settings for the module to see if there is a setting there which needs to be checked or maybe even un-checked that would help.

Be carefull, very carefull who you give admin rights to to any module. They just aren't designed for everyone to have admin rights. Usually the rights a registered or anonymouse user needs to submit, edit ect are built into the module so that you never have to give just anyone admin rights to any module. Regardless how many times they login. If a user has to login then there should be settings which you can configure that will give them the accesses they need, but not to the entire module.

Check all your possible settings for the module.

HTHs
Quest


What one sees on the surface does not mean that is what is inside.

3
Twiztid
Re: Admin Rights
  • 2006/11/27 22:31

  • Twiztid

  • Just popping in

  • Posts: 49

  • Since: 2006/7/21


Quest,

Yes -- I have checked every option throughly.

I am using Realty 3.0, the last known version of the module.

Some refer to it as 3.1, but in the docs it's stated at 3.0.

I understand your warning, and I agree very much -- however, this module is a bit different in the sense that you can set a user to NOT be an admin, but in order to allow a user to login they need ADMIN rights.

I am sorry if that doesn't make any sense, but the user needs ADMIN rights to the module just to access the login screen. This module keeps a seperate user database, aside from XOOPS and the rights of that user are defined by the modules's usertable, not XOOPS.

So, in essense -- giving module admin rights to this module will not have any ill effects, as all it allows somebody to do is access the module login screen, and from there after they login, it's determined what access they have.

If you have any idea from the code that I sent, what needs to be changed to by pass this -- i'd appreciate it. I can usually figure out php code, but this part I can't figure out.

Thanks,

Jamie

4
Quest
Re: Admin Rights
  • 2006/11/28 5:37

  • Quest

  • Friend of XOOPS

  • Posts: 1034

  • Since: 2005/11/19


I think I understand what you are saying. I have played around with that module and don't remember there being any reason to do it, but I don't think right sometimes anyway.

The only idea I can come up with at this time would be to take out the redirect code for #3. In both locations. I don't know that much about php but if you want them to have the access you say then I don't see any need for it being there.

Best of Luck
Quest

Login

Who's Online

433 user(s) are online (382 user(s) are browsing Support Forums)


Members: 0


Guests: 433


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits