This website can use cookies to improve the user experience

This website can use cookies to improve the user experience and to provide certain services and functions to users. Cookies contain small amounts of information (such as login information and user preferences) and will be stored on your device.

Enable All Cookies Privacy Policy

Limited permissions problem


avatar
cosmin 269
From: -
Limited permissions problem

I have a custom page for submitting downloads which use PAD files on my site.
Using your suggestion in this thread
http://www.esselbach.com/thread.php?id=517
, I've made it so only logged in users can submit downloads using that page. Problem is that I need those users to have limited privileges for the downloads section so I've given them "limited" privileges for the download section.
I have 3 problems. These limited users (I have set up such a dummy limited user for me to test with)

1) can't edit the downloads they submit through that page,
(Sorry. You can edit/remove only your own downloads)

This is because the form on my custom file submit page doesn't insert author $_POST in the db table and I can't tell why.
I've tried setting the value of the "author" field for my custom form to $insert[login_name] and it didn't work, the value stays empty and so does $author.

2) they can see commands and things they shouldn't see
Overview
Last 5 Downloads
Clear Cache

and 3) they can see other people's downloads even though they can only edit their own. If they can't edit them and they are not submitted by them, they shouldn't be visible.
Please help.

Edit:
Also,
after using this mod (downloads as news on the front page)
here http://www.esselbach.com/thread.php?id=328
even if a file is set to "hold back=yes" it will still show up on the frontpage.

Notice

This topic is archived. New comments cannot be posted and votes cannot be cast.

Responses to this topic


1 Re: Limited permissions problem
avatar
OP 269
From: -
Limited permissions problem

Yes it does, there was an extra round bracket it seems.
1 Re: Limited permissions problem
avatar
Administrator
1342
From: Austria
Limited permissions problem

Another attempt:

if (($download_author == $admin[user_name]) or ($admin[user_candownload] == 1)) 

{

This one should work (hopefully)
1 Re: Limited permissions problem
avatar
OP 269
From: -
Limited permissions problem

Still nothing. It does the same thing.
1 Re: Limited permissions problem
avatar
Administrator
1342
From: Austria
Limited permissions problem

Sorry, it should be:

if (($download_author == $admin[user_name]) or ($admin[user_candownload]) == 1)) 

{
1 Re: Limited permissions problem
avatar
OP 269
From: -
Limited permissions problem

I suppose that goes in mod_downloads.php Did that, now none of the links under the downloads section work, the pages just stay blank.
1 Re: Limited permissions problem
avatar
Administrator
1342
From: Austria
Limited permissions problem

Replace:

if ($download_author == $admin[user_name]) 

{

with:

if ($download_author == $admin[user_name]) or ($admin[user_candownload]) == 1)

{
1 Re: Limited permissions problem
avatar
OP 269
From: -
Limited permissions problem

I have another problem. Now only the limited user who created a download can delete it. The admin can't see it at all.
1 Re: Limited permissions problem
avatar
Administrator
1342
From: Austria
Limited permissions problem

I will look into it tomorrow after I am in back in the office
1 Re: Limited permissions problem
avatar
OP 269
From: -
Limited permissions problem

OK, I sent it again.
1 Re: Limited permissions problem
avatar
Administrator
1342
From: Austria
Limited permissions problem

Found it in the mail server log. It didn't pass the spam filter on the server by 0.3 points. Please try to re-send it from a different account.
1 Re: Limited permissions problem
avatar
OP 269
From: -
Limited permissions problem

This morning 9:20 your time.
1 Re: Limited permissions problem
avatar
Administrator
1342
From: Austria
Limited permissions problem

No. When did you send it?
1 Re: Limited permissions problem
avatar
OP 269
From: -
Limited permissions problem

Philipp, did you get my email?
1 Re: Limited permissions problem
avatar
Administrator
1342
From: Austria
Limited permissions problem

This is because the form on my custom file submit page doesn't insert author $_POST in the db table and I can't tell why.

Please post your code.

2) they can see commands and things they shouldn't see
Overview
Last 5 Downloads
Clear Cache

To remove overview, open cadmin/index.php and find:

       MkTabHeader("$words[MN]");

MkTabOption("$words[OV]","CP_main");
MkTabFooter();

and replace with:

       if ($admin[user_candownload] == 1) 

{
MkTabHeader("$words[MN]");
MkTabOption("$words[OV]","CP_main");
MkTabFooter();
}


For last 5 downloads find:

  if ($admin[user_candownload]) 

{
$result = DBQuery("SELECT download_website, download_title, download_id, download_hook FROM esselbach_st_downloads ORDER BY download_id DESC LIMIT 5");

and replace with:

  if ($admin[user_candownload] == 1) 

{
$result = DBQuery("SELECT download_website, download_title, download_id, download_hook FROM esselbach_st_downloads ORDER BY download_id DESC LIMIT 5");

For clear cache find:

         }

MkTabOption("$words[CN]","clearcache&opts=download");

and replace with:

 MkTabOption("$words[CN]","clearcache&opts=download");

}

and 3) they can see other people's downloads even though they can only edit their own. If they can't edit them and they are not submitted by them, they shouldn't be visible.

Open cadmin/mod_downloads.php and find:

        $result = DBQuery("SELECT download_website, download_title, download_id, download_hook FROM esselbach_st_downloads ORDER BY download_id DESC LIMIT 100");


while (list($download_website, $download_title, $download_id, $download_hook) = mysql_fetch_row($result))
{
if ($download_hook)
{
$download_title = "<font color="red">$download_title</font>";
}

TblMiddle2("$download_id / $download_website", "$download_title", "editdownload&opts=editdownload-$download_id", "editdownload&opts=deletedownload-$download_id");
}

and replace with:

        $result = DBQuery("SELECT download_website, download_author, download_title, download_id, download_hook FROM esselbach_st_downloads ORDER BY download_id DESC LIMIT 100");


while (list($download_website, $download_author, $download_title, $download_id, $download_hook) = mysql_fetch_row($result))
{
if ($download_hook)
{
$download_title = "<font color="red">$download_title</font>";
}

if ($download_author == $admin[user_name])
{
TblMiddle2("$download_id / $download_website", "$download_title", "editdownload&opts=editdownload-$download_id", "editdownload&opts=deletedownload-$download_id");
}
}

even if a file is set to "hold back=yes" it will still show up on the frontpage.

Replace:

$result = DBQuery("SELECT * FROM esselbach_st_downloads WHERE (download_time LIKE '%$story_date_array[$a]%') ORDER BY download_time DESC"); 

with:

$result = DBQuery("SELECT * FROM esselbach_st_downloads WHERE (download_time LIKE '%$story_date_array[$a]%') AND download_hook = '0' ORDER BY download_time DESC");

Notice

This topic is archived. New comments cannot be posted and votes cannot be cast.