Re: [MRBS-general] Security Level Problems after upgrade to latest version
Brought to you by:
jberanek
From: Campbell M. <cam...@gm...> - 2011-02-25 12:55:50
|
Not quite sure why it's not happening automatically, but, yes, the easiest thing to do is to add the column manually using phpMyAdmin. It should be level smallint DEFAULT '0' NOT NULL Admins are level 2. Everybody else level 1. Campbell From: Paul Haysom [mailto:Pau...@be...] Sent: 25 February 2011 10:42 To: mrb...@li... Subject: [MRBS-general] Security Level Problems after upgrade to latest version Hi, I have just installed a fresh copy of the latest MRBS version: Room Booking System <http://mrbs.sourceforge.net/> :MRBS 1.4.6 Database:MySQL 5.0.33 System:Windows NT S007706 5.1 build 2600 Server time:2/25/2011 10:15:50 AM PHP:5.2.1 I setup config.inc.php to point to existing database and then copied over and modified relevant sections from systemdefaults.inc.php When loaded the system successfully updated the database to current version. Managed to login as a user and create a booking. I am using PHP to get the username and db to get password, However when trying to login as an admin it logs in OK, but as a user. This is true for any administrator The existing install version (1.4) works fine however even with the upgraded database. I have set the $auth["admin"][] = "adminuser"; setting for all admins but there does not appear to be an additional field in the database for the security Level as mentioned in the section below: This list is not needed when using the 'db' authentication scheme EXCEPT // when upgrading from a pre-MRBS 1.4.2 system that used db authentication. // Pre-1.4.2 the 'db' authentication scheme did need this list. When running // edit_users.php for the first time in a 1.4.2 system or later, with an existing // users list in the database, the system will automatically add a field to // the table for access rights and give admin rights to those users in the database // for whom admin rights are defined here. After that this list is ignored. unset($auth["admin"]); // Include this when copying to config.inc.php $auth["admin"][] = "127.0.0.1"; // localhost IP address. Useful with IP sessions. $auth["admin"][] = "administrator"; // A user name from the user list. Useful // with most other session schemes. I am not sure about the line unset($auth["admin"]); Hope this makes sense? Is it just a simple case of adding the extra field in the user table via phpmyadmin? Many thanks Paul Haysom |