Menu
▾
▴
[phpesp-dev] [ phpesp-Bugs-1410940 ] Accessing designer account admin logs you out
|
From: SourceForge.net <no...@so...> - 2006-06-23 15:27:47
|
Bugs item #1410940, was opened at 2006-01-20 11:56 Message generated for change (Comment added) made by greggmc You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=108956&aid=1410940&group_id=8956 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Admin Group: v1.8 Status: Open Resolution: None Priority: 5 Submitted By: blentz (blentz) Assigned to: Nobody/Anonymous (nobody) Summary: Accessing designer account admin logs you out Initial Comment: When logged in as a superuser with all ACL abilities, I try to go and modify an existing designer. I can get as far as the "Designers Account Administration" form, but if I click *anything* i.e. Update/Cancel/Delete buttons, Go back to Management Interface link, or even manually try and go to /admin/manage.php, I am booted out and am sent to the Management Login form with "Incorrect User ID or Password, or your account has been disabled/expired." This makes changing or deleting an existing designer impossible. ---------------------------------------------------------------------- >Comment By: Matthew Gregg (greggmc) Date: 2006-06-23 10:27 Message: Logged In: YES user_id=14116 Are you using version 1.8.2 and do you have register_globals on or off? ---------------------------------------------------------------------- Comment By: Nobody/Anonymous (nobody) Date: 2006-06-23 10:09 Message: Logged In: NO I'm having the same problem. Can someone give me some instructions for how to install the patch. Sorry, I'm a noob at this. ---------------------------------------------------------------------- Comment By: blentz (blentz) Date: 2006-03-16 14:28 Message: Logged In: YES user_id=997838 Please try to use the patch I attached to this bug report back in January. It will fix your problem. ---------------------------------------------------------------------- Comment By: Nobody/Anonymous (nobody) Date: 2006-03-16 13:47 Message: Logged In: NO I am having the same issue... I am going to rrot out my bad account thru MySQL... But you are right, we are unable to mod, del, and created account using phpESP. ---------------------------------------------------------------------- Comment By: Nobody/Anonymous (nobody) Date: 2006-03-03 09:04 Message: Logged In: NO Same Problem! ---------------------------------------------------------------------- Comment By: blentz (blentz) Date: 2006-01-23 23:21 Message: Logged In: YES user_id=997838 I'm guessing you're both right; problem is that I have other PHP applications on the system that require register_globals. I've created a patch from the changes by R. Schroeder, can be applied to the phpESP source tree using: patch -p0 < phpESP-1.8.patch Tested, corrects this bug. Perhaps this patch could be incorporated into the next release, making the Administer Respondants and Administer Designers work on systems with register_globals? ---------------------------------------------------------------------- Comment By: Matthew Gregg (greggmc) Date: 2006-01-23 19:50 Message: Logged In: YES user_id=14116 I believe this bug is only present when register globals is on(an unsupported configuration). But I could be wrong. ---------------------------------------------------------------------- Comment By: Nobody/Anonymous (nobody) Date: 2006-01-23 18:56 Message: Logged In: NO Check around line 180 in admdesigner.inc. My modifications are below to fix conflicting variable names. Similar fix applies to admrespondent. /* load ACL */ if(!empty($u) && !empty($r)) { $sql = "SELECT * FROM ".$GLOBALS['ESPCONFIG']['designer_table']." WHERE username=$u AND realm=$r"; $result = execute_sql($sql,"",ADODB_FETCH_ASSOC); if($arr = fetch_row($result)) { /* foreach(array( 'username', 'realm', 'fname', 'lname', 'email', 'pdesign', 'pstatus', 'pdata', 'pall', 'pgroup', 'puser', 'disabled', 'expiration') as $col) { $$col = $arr[$col]; } $u =& $username; $r =& $realm; */ // Ryan Schroeder - assign manually to avoid conflicting with $username $u = $arr['username']; $r = $arr['realm']; $fname = $arr['fname']; $lname = $arr['lname']; $email = $arr['email']; $pdesign = $arr['pdesign']; $pstatus = $arr['pstatus']; $pdata = $arr['pdata']; $pall = $arr['pall']; $pgroup = $arr['pgroup']; $puser = $arr['puser']; $disabled = $arr['disabled']; $expiration = $arr['expiration']; if(intval($expiration) > 0) { $ex_year = substr($expiration,0,4); $ex_month = substr($expiration,4,2); $ex_day = substr($expiration,6,2); } else { $ex_year = ''; $ex_month = ''; $ex_day = ''; } } else { $errstr .= mkerror(_('Account not found.') .' ('. ErrorMsg() .')'); } } ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=108956&aid=1410940&group_id=8956 |
