Re: [MRBS-general] Security Level Problems after upgrade to latest version

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Not quite sure why it's not happening automatically, but, yes, the easiest
thing to do is to add the column manually using phpMyAdmin.

It should be

level     smallint DEFAULT '0' NOT NULL

Admins are level 2.   Everybody else level 1.

Campbell

From: Paul Haysom [mailto:Pau...@be...] 
Sent: 25 February 2011 10:42
To: mrb...@li...
Subject: [MRBS-general] Security Level Problems after upgrade to latest
version

Hi,

I  have just installed a fresh copy of the latest MRBS version:

Room Booking System <http://mrbs.sourceforge.net/> :MRBS 1.4.6
Database:MySQL 5.0.33 System:Windows NT S007706 5.1 build 2600 Server
time:2/25/2011 10:15:50 AM PHP:5.2.1

I setup config.inc.php to point to existing database  and then copied over
and modified relevant sections from systemdefaults.inc.php

When loaded the system successfully updated the database to current version.

Managed to login as a user and create a booking.

I am using PHP to get the username and db to get password,

However when trying to login as an admin it logs in OK, but as a user. This
is true for any administrator

The existing install version (1.4) works fine however even with the upgraded
database.

I have set the $auth["admin"][] = "adminuser"; setting for all admins but
there does not appear to be an additional field in the database for the
security Level as mentioned in the section below:

 This list is not needed when using the 'db' authentication scheme EXCEPT
// when upgrading from a pre-MRBS 1.4.2 system that used db authentication.
// Pre-1.4.2 the 'db' authentication scheme did need this list.   When
running
// edit_users.php for the first time in a 1.4.2 system or later, with an
existing
// users list in the database, the system will automatically add a field to
// the table for access rights and give admin rights to those users in the
database
// for whom admin rights are defined here.   After that this list is
ignored.
unset($auth["admin"]);              // Include this when copying to
config.inc.php
$auth["admin"][] = "127.0.0.1";     // localhost IP address. Useful with IP
sessions.
$auth["admin"][] = "administrator"; // A user name from the user list.
Useful 
                                    // with most other session schemes.

I am not sure about the line unset($auth["admin"]);              

Hope this makes sense?

Is it just a simple case of adding the extra field in the user table via
phpmyadmin?

Many thanks

Paul Haysom