2. PHPRunner General questions
  3. [SOLVED]   Login as Guest Issue.
This topic is locked
[SOLVED]

  Login as Guest Issue.

 		6/8/2010 03:51:01
PHPRunner General questions
N
 nix386 author

Hi there, I have setup a simple contact form for users to submit a query if they have login issues using my phprunner application. This is a link on the login page that directs them to contact_form_add.php. I have enabled "Login as Guest with read only access" in the security>advanced and then set the appropriate static permissions for <guest> in security>permissions (<guest> only has permissions to add on contact_form_add.php page). Now this all seems to work ok however I noticed if I hit a list page without a login Example: http://www.mysite.com/customer_table_list.php the following error ensues Fatal error: Call to undefined function IsAdmin() in ....\customer_table_list.php on line 25
If I use something like this below it will expose all tables to a guest user which is bad.



Hi,
you need to set up $_SESSION["UserID"] in the generated files of the pages. Add this code
if (!@$_SESSION["UserID"])

$_SESSION["UserID"] = "Guest";
just before this line:
if(!@$_SESSION["UserID"])

{

$_SESSION["MyURL"]=$_SERVER["SCRIPT_NAME"]."?".$_SERVER["QUERY_STRING"];

header("Location: login.php?message=expired");

return;

}


Am I going about this the right way?
More detail on this error.

Fatal error: Call to undefined function IsAdmin() in ....\customer_table_list.php on line 25

Line 25 in customer_table_list.php
if(IsAdmin())

echo "<p>"."You don't have permissions to access this table"."
<a href=\"admin_rights_list.php\">"."Proceed to Admin Area"."</a> "."to set up user permissions"."</p>";

else

echo "<p>"."You don't have permissions to access this table"." <a href=\"login.php\">"."Back to Login Page"."</a></p>";

exit();


Cheers, Nick
A
 		ann 6/8/2010

Nick,
"Call to undefined function IsAdmin()" error means that generated include/commonfunctions.php file was not uploaded.

Try to clean internal directory and re-upload your files again. If it doesn't help please publish your project on Demo Account and open a ticket at http://support.xlinesoft.com sending a URL to your pages along with instructions on reproducing this error.
N
 		nix386 author 6/8/2010



Nick,
"Call to undefined function IsAdmin()" error means that generated include/commonfunctions.php file was not uploaded.

Try to clean internal directory and re-upload your files again. If it doesn't help please publish your project on Demo Account and open a ticket at http://support.xlinesoft.com sending a URL to your pages along with instructions on reproducing this error.


Thanks Ann but my data is sensitive so I cannot upload it however I might clarify what I want to achieve.
I want to be able to grant a user who has not logged in to access only one add page.

There they can submit the form then be redirected back to login.

I can currently do this with



$if (!@$_SESSION["UserID"])

$_SESSION["UserID"] = "Guest";


added to the generated add.php page however this saves the session which allows the Guest account to have privelaged access to all tables!
It's when I try to use the inbuilt guest options in security is when it generates the Call to undefined function IsAdmin() error.
P.S I've deleted the output and rebuilt but same error when using built-in Guest option..
Cheers, Nick
N
 		nix386 author 6/8/2010

I think I just answered my own question but if I use



$if (!@$_SESSION["UserID"])

$_SESSION["UserID"] = "Guest";


in the generated contact_form_add.php then use session_unset(); in add page: before process event does this pose any security risk?

I now cannot access the other tables as previously experienced.
Cheers, Nick