
User list

Posted: Mon Feb 13, 2012 4:32 am
by Elmo
Hi Steve,

Somehow the userlist in the admin panel is public and not private. So even when I'm not logged in as admin, I can still view the userlist. How can I change this?

Thank you.

Re: User list

Posted: Tue Feb 14, 2012 11:26 am
by shannah
What version of Web Auction are you using? And can you specify which admin panel you are referring to? Can you post your tables/users/users.php file?

-Steve

Re: User list

Posted: Tue Feb 14, 2012 1:22 pm
by Elmo
Hi Steve,

According to version.txt I use version 0.3.5 563.

By "admin panel" I mean that if I go to www.mywebsite.com/index.php?-table=users I should see something like "Please login to access this section of the site". But instead it just shows me all the user info, even though I'm not logged in.

The code of my tables/users/users.php file:
Code:
<?php
class tables_users{

/**
* These calculated functions were used for the SFU plantsale because we
* didn't store this information.  Rather, we obtained it from LDAP.
*
   function field__email(&$record){
      $info = $record->val('ldap_info');
      return $info['mail'];
   }
   
   function field__fullname(&$record){
      $info = $record->val('ldap_info');
      return $info['cn'];
   }
   
   function field__title(&$record){
      $info = $record->val('ldap_info');
      return $info['title'];
   }
   
   function field__department(&$record){
      $info = $record->val('ldap_info');
      return $info['ou'];
   }
   
   function field__phone(&$record){
      $info = $record->val('ldap_info');
      return $info['telephoneNumber'];
   }
   
   function field__ldap_info(&$record){
      $info = getLDAPUserInfo($record->val("username"));
      return $info;
   }
/**/

   function getPermissions(&$record){
   /*
      $app =& Dataface_Application::getInstance();
      $del =& $app->getDelegate();
      $perms =& $del->getPermissions($record);
   */
      //if ( $record ) echo "Yes"; else echo "No";
      //if ( $record and $record->val('username') ) echo "We have a username";
      if ( isAdmin() or ( $record and ($record->strval('username') == getUsername()))) {
         $perms = Dataface_PermissionsTool::ALL();
      } else {
         $perms = Dataface_PermissionsTool::READ_ONLY();
      }
      $perms['new'] = 1;
      return $perms;
   }
   
   function username__permissions(&$record){
      $perms = $this->role__permissions($record);
      $perms['new'] = 1;
      return $perms;
   
   }
   
   function role__permissions(&$record){
      if ( isAdmin() ){
         return Dataface_PermissionsTool::ALL();
      } else {
         return Dataface_PermissionsTool::READ_ONLY();
      }
   }
   
   function block__after_view_tab_content(){
      if (isAdmin()){
         $app =& Dataface_Application::getInstance();
         $record =& $app->getRecord();
         df_display(array('user'=>&$record), 'after_user_profile.html');
      }
   }
   
   function field__fullname(&$record){
      return $record->val('firstname').' '.$record->val('lastname');
   }
   
   function role__default(){
      return 'USER';
   }
   
   function beforeSave(&$record){
      if ( $record->valueChanged('username') ){
         $res = mysql_query("select count(*) from `users` where `username`='".addslashes($record->strval('username'))."'", df_db());
         if ( !$res ) trigger_error(mysql_error(df_db()), E_USER_ERROR);
         list($num) = mysql_fetch_row($res);
         if ( $num > 0 ) return PEAR::raiseError("Deze gebruikersnaam bestaat al. Kies aub een andere gebruikersnaam.", DATAFACE_E_NOTICE);
      }   
   }

}
?>


Thanks.

Re: User list

Posted: Tue Feb 14, 2012 1:39 pm
by shannah
Yes. You need to update your version of Web Auction. At the very least you should replace your tables/users/users.php with the one from the latest version. I also recommend replacing the dataface directory with the one from the latest version as there were some critical bug fixes in 0.3.7.

-Steve

Re: User list

Posted: Wed Feb 15, 2012 2:05 am
by Elmo
Thank you so much! Replacing tables/users/users.php did the trick! :D
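
An added example (not part of the thread, and not the users.php shipped with any Web Auction release) showing why the getPermissions() logic posted above lets a visitor who is not logged in list the users table, next to a deny-by-default variant. The Dataface_PermissionsTool class, FakeRecord, $session and the helper bodies are constructed stand-ins so the script runs with the PHP CLI alone; in the real application they come from Xataface and Web Auction.

```php
<?php
// Stand-ins (constructed) for the Xataface/Web Auction pieces; not the real implementations.
class Dataface_PermissionsTool {
    static function ALL()       { return array('view'=>1, 'list'=>1, 'edit'=>1, 'delete'=>1, 'new'=>1); }
    static function READ_ONLY() { return array('view'=>1, 'list'=>1); }
    static function NO_ACCESS() { return array(); }
}
class FakeRecord {                         // hypothetical stand-in for a Dataface record
    private $vals;
    function __construct($vals) { $this->vals = $vals; }
    function strval($f) { return (string)$this->vals[$f]; }
}
$session = null;                           // null = nobody is logged in
function getUsername() { global $session; return $session ? $session['username'] : null; }
function isAdmin()     { global $session; return $session !== null && $session['role'] === 'ADMIN'; }
// Logic as posted in the thread: anyone who is not admin/owner, anonymous included, gets READ_ONLY.
function permsAsPosted($record) {
    if (isAdmin() or ($record and $record->strval('username') == getUsername())) {
        $perms = Dataface_PermissionsTool::ALL();
    } else {
        $perms = Dataface_PermissionsTool::READ_ONLY();
    }
    $perms['new'] = 1;
    return $perms;
}

// Deny-by-default variant: only a logged-in admin or the record's owner can read anything.
function permsDenyByDefault($record) {
    $me = getUsername();
    if ($me !== null and (isAdmin() or ($record and $record->strval('username') === $me))) {
        $perms = Dataface_PermissionsTool::ALL();
    } else {
        $perms = Dataface_PermissionsTool::NO_ACCESS();
    }
    $perms['new'] = 1;   // kept from the posted code (assumed to be what allows self-registration)
    return $perms;
}

$alice = new FakeRecord(array('username' => 'alice'));   // constructed sample record
$cases = array('anonymous'    => null,
               'bob (USER)'   => array('username' => 'bob',   'role' => 'USER'),
               'alice (USER)' => array('username' => 'alice', 'role' => 'USER'),
               'root (ADMIN)' => array('username' => 'root',  'role' => 'ADMIN'));
foreach ($cases as $label => $s) {
    $session = $s;       // a null record models the list view (?-table=users), where no row is loaded
    printf("%-13s list: posted=%d fixed=%d | view alice: posted=%d fixed=%d\n", $label,
        !empty(permsAsPosted(null)['list']),   !empty(permsDenyByDefault(null)['list']),
        !empty(permsAsPosted($alice)['view']), !empty(permsDenyByDefault($alice)['view']));
}
```

A quick check after replacing the file is to request index.php?-table=users in a browser session with no login cookie and confirm the login prompt appears instead of the list.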