User list

A place to discuss and receive support for the Web Auction application.

User list

Postby Elmo » Mon Feb 13, 2012 4:32 am

Hi Steve,

Somehow the userlist in the admin panel is public and not private. So even when I'm not logged in as admin, I can still view the userlist. How can I change this?

Thank you.
Elmo
 
Posts: 3
Joined: Mon Feb 13, 2012 4:30 am

Re: User list

Postby shannah » Tue Feb 14, 2012 11:26 am

What version of Web Auction are you using? And can you specify which admin panel you are referring to? Can you post your tables/users/users.php file?

-Steve
shannah
 
Posts: 4457
Joined: Wed Dec 31, 1969 5:00 pm

Re: User list

Postby Elmo » Tue Feb 14, 2012 1:22 pm

Hi Steve,

According to version.txt I use version 0.3.5 563.

By "admin panel" I mean that if I go to www.mywebsite.com/index.php?-table=users I should see something like "Please login to access this section of the site". But instead it just shows me all the user info, even though I'm not logged in.

The code of my tables/users/users.php file:
Code: Select all
<?php
class tables_users{

/**
* These calculated functions were used for the SFU plantsale because we
* didn't store this information.  Rather, we obtained if from LDAP.
*
   function field__email(&$record){
      $info = $record->val('ldap_info');
      return $info['mail'];
   }
   
   function field__fullname(&$record){
      $info = $record->val('ldap_info');
      return $info['cn'];
   }
   
   function field__title(&$record){
      $info = $record->val('ldap_info');
      return $info['title'];
   }
   
   function field__department(&$record){
      $info = $record->val('ldap_info');
      return $info['ou'];
   }
   
   function field__phone(&$record){
      $info = $record->val('ldap_info');
      return $info['telephoneNumber'];
   }
   
   function field__ldap_info(&$record){
      $info = getLDAPUserInfo($record->val("username"));
      return $info;
   }
/**/

   function getPermissions(&$record){
   /*
      $app =& Dataface_Application::getInstance();
      $del =& $app->getDelegate();
      $perms =& $del->getPermissions($record);
   */
      //if ( $record ) echo "Yes"; else echo "No";
      //if ( $record and $record->val('username') ) echo "We have a username";
      if ( isAdmin() or ( $record and ($record->strval('username') == getUsername()))) {
         $perms = Dataface_PermissionsTool::ALL();
      } else {
         $perms = Dataface_PermissionsTool::READ_ONLY();
      }
      $perms['new'] = 1;
      return $perms;
   }
   
   function username__permissions(&$record){
      $perms = $this->role__permissions($record);
      $perms['new'] = 1;
      return $perms;
   
   }
   
   function role__permissions(&$record){
      if ( isAdmin() ){
         return Dataface_PermissionsTool::ALL();
      } else {
         return Dataface_PermissionsTool::READ_ONLY();
      }
   }
   
   function block__after_view_tab_content(){
      if (isAdmin()){
         $app =& Dataface_Application::getInstance();
         $record =& $app->getRecord();
         df_display(array('user'=>&$record), 'after_user_profile.html');
      }
   }
   
   function field__fullname(&$record){
      return $record->val('firstname').' '.$record->val('lastname');
   }
   
   function role__default(){
      return 'USER';
   }
   
   function beforeSave(&$record){
      if ( $record->valueChanged('username') ){
         $res = mysql_query("select count(*) from `users` where `username`='".addslashes($record->strval('username'))."'", df_db());
         if ( !$res ) trigger_error(mysql_error(df_db()), E_USER_ERROR);
         list($num) = mysql_fetch_row($res);
         if ( $num > 0 ) return PEAR::raiseError("Deze gebruikersnaam bestaat al. Kies aub een andere gebruikersnaam.", DATAFACE_E_NOTICE);
      }   
   }

}
?>


Thanks.
Elmo
 
Posts: 3
Joined: Mon Feb 13, 2012 4:30 am

Re: User list

Postby shannah » Tue Feb 14, 2012 1:39 pm

Yes. You need to update your version of Web Auction. At the very least you should replace your tables/users/users.php with the one from the latest version. I also recommend replacing the dataface directory with the one from the latest version as there were some critical bug fixes in 0.3.7.

-Steve
shannah
 
Posts: 4457
Joined: Wed Dec 31, 1969 5:00 pm

Re: User list

Postby Elmo » Wed Feb 15, 2012 2:05 am

Thank you so much! Replacing tables/users/users.php did the trick! :D
Elmo
 
Posts: 3
Joined: Mon Feb 13, 2012 4:30 am


Return to Web Auction Discussion

Who is online

Users browsing this forum: No registered users and 1 guest

cron
Powered by Dataface
© 2005-2007 Steve Hannah All rights reserved