StevenMarks Posted October 1, 2013 Share Posted October 1, 2013 Hi All, A bit of a strange one here. I have created the below function and it works for the most part however I noticed that I was still getting access denied. I checked the httpd log and saw this error: [Tue Oct 01 10:12:46 2013] [error] [client 127.0.0.1] PHP Notice: Undefined index: $access in /var/www/xxxx/public_html/dev/v2.0/inc/functions.php on line 652 I then took a look at the MySQL log to see if there was an issue with the query that the function submits: SELECT grp.Can_View_Users, grp.group_id, group_name, group_enabled, grp.created, grp.updated FROM groups grp LEFT JOIN members AS users USING(group_id) WHERE users.id =27 GROUP BY grp.group_id as you can see here it is setting the parameter correctly but when setting it for the PHP code on line 652 it doesnt work :S confused. function GroupAccess($access){ $db = new DbConnector(); $db->connect(); $sql='SELECT grp.'.$access.', grp.group_id, group_name, group_enabled, grp.created, grp.updated ' .'FROM '.GROUP_TBL.' grp ' .'LEFT JOIN '.USER_TBL.' AS users USING(group_id) ' .'WHERE users.id ='.$_SESSION['uid'].' GROUP BY grp.group_id'; $result = $db->query($sql); $rows = $db->fetchArray($result); if($rows['$access'] == 1 && $rows['group_enabled'] == 1) return true; } the above starts at line 643 any assistance would be appreciated as im pulling my hair out here!! Quote Link to comment Share on other sites More sharing options...
Ch0cu3r Posted October 1, 2013 Share Posted October 1, 2013 (edited) $rows['$access'] should be $rows[$access] (no quotes round $access var) Edited October 1, 2013 by Ch0cu3r Quote Link to comment Share on other sites More sharing options...
StevenMarks Posted October 3, 2013 Author Share Posted October 3, 2013 Hi Thanks for the reply, this seems to have fixed the error i was getting however it still states access denied on the page this is the code i use at the top of my php page is this incorrect? if(!$PermCheck->isAdmin() || !$PermCheck->GroupAccess('Can_View_Users') ) die('Access Denied'); Quote Link to comment Share on other sites More sharing options...
Barand Posted October 3, 2013 Share Posted October 3, 2013 I suspect you need && instead of || in that condition NOT (A OR B) === (NOT A) AND (NOT B) Quote Link to comment Share on other sites More sharing options...
StevenMarks Posted October 3, 2013 Author Share Posted October 3, 2013 no because they don't need to be an admin to have access to this section. they can either have the permission through a group or if they are an admin they get the access. If I change it to AND will that mean they have to be admin and have the permission? it needs to be: IF !isadmin OR !Can_View_Users THEN die Quote Link to comment Share on other sites More sharing options...
Solution PaulRyan Posted October 3, 2013 Solution Share Posted October 3, 2013 Bar and is correct. You're current statement equates to, that if the user is not an admin or if the users cannot view users them the access is denied. If either one of those is false, then they don't get access. You need to change it to && not ||. Quote Link to comment Share on other sites More sharing options...
StevenMarks Posted October 3, 2013 Author Share Posted October 3, 2013 You are a star, that makes sense thanks for the assistance Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.