#132 Different checking of module access rights

XOOPS 2.1.x (9)


I have upgraded to Xoops 2.2 recently. I have come
across a problem with accessing the xfmod module (part
of myXoopsForge). Basically access denied problem.

I have found that the problematic code causing this is
the checkAccess() method in /kernel/module.php. The
existing code is trying to figure out the current
directory based on presence of xoops-version.php. If
it's present, it concludes that the module's scripts
are being accessed. If it's found in the parent
directory, it concludes that a script in admin
subdirectory is being accessed.

The xfmod module does not follow the expected two-level
directory hierarchy.

Here is what I changed to fix the problem:

* check user's access to the module

* @return bool

function checkAccess() {
global $xoopsUser, $xoopsOption;
$groupperm_handler =&
$groups = $xoopsUser ? $xoopsUser->getGroups()
if (file_exists('./xoops_version.php')) {
$right = 'module_read';
elseif (file_exists('../xoops_version.php')) {
$xoopsOption['pagetype'] = "admin";
$right = 'module_admin';
else {
return true;


    $path_parts = pathinfo($_SERVER['PHP_SELF']);
    $pattern =

$match = preg_match($pattern,
// does the directory path contain
if ( ($match != false) && ($match > 0) ) {
$xoopsOption['pagetype'] = "admin";
$right = 'module_admin';
else {
$right = 'module_read';

    return $groupperm_handler->checkRight($right,

$this->getVar( 'mid' ), $groups );

Should I provide a diff output too or it's ok like this?

My environment:

Xoops 2.2
Apache 2.0.46
PHP 4.3.2
MySQL 3.23.58
Red Hat Enterprise Linux AS 3.4

Best regards,



  • Jan Pedersen

    Jan Pedersen - 2005-09-29

    Logged In: YES

    Fixed in CVS and waiting for review before merging to the trunk.

  • Jan Pedersen

    Jan Pedersen - 2005-09-29

    Logged In: YES

    Sorry - counter-order.

    Files inside modules should only be accessed in the module's
    root (frontside) and module root/admin (admin pages)

    That's how it has been and that is something we want to keep.
    You are welcome to contact me for a discussion on how you
    can solve your problem, though.


Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

JavaScript is required for this form.

No, thanks