Problem with don't let guests view attachments permission

Started by TDNY, December 01, 2009, 08:07:09 PM

TDNY

Thanks for looking,
I'm using Vers. 1.1.11 with the default core theme. I have a bunch of mods.
When I don't allow guests to view attachments and a member logs in they see a random thumbnail size pic from the site in the upper left hand corner of a completely white page. It doesn't log you in. You need to close that page and open another one to try and log in again.
TDNY

Norv

Can you please show a screenshot of the problem? I am not certain I fully understand when, and what it shows.
To-do lists are for deferral. The more things you write down the later they're done... until you have 100s of lists of things you don't do.

File a security report | Developers' Blog | Bug Tracker


Also known as Norv on D* | Norv N. on G+ | Norv on Github

TDNY

Thanks for looking, here is a screen shot of what happens when you try to log in with permission set that guests can't view attachments.
TDNY

Norv

It looks like the attachment is being displayed. But you say it happens when you try to log in, so, perhaps SMF did accept the login and now you're logged in? That would be the expected behavior, so I'm afraid I still don't fully understand what is wrong.

If you could provide the link to your site, and a test account (normal member account, I suppose a normal member has the right to view attachments, while guests don't, please correct me if this is not the case), then we will try to understand the issue.
Any other information can be useful too.

TDNY

Quote from: Norv on December 03, 2009, 07:20:40 PM
It looks like the attachment is being displayed. But you say it happens when you try to log in, so, perhaps SMF did accept the login and now you're logged in?

Yes, you're logged in, but the page you see is the pic I attached above; you have to re-enter my site address in the address bar and click "go" to get to my site. If you have my site in your favorites you have to click on that to go to the site.

I sent you a link and a test member name and password.

TDNY

Norv

Ah, strange. It redirects the user to the attachment view, when logging in, instead of the home page, without me ever trying to view any attachment/avatar, just plainly logging in.

Please, make a list of all mods you have installed. It seems you have a gallery too, which behaves a little strange, there are placeholders for images while the user is not logged in (I presume it's because guests cannot view the pictures, but then wouldn't users expect to see nothing, not even placeholders? Just wondering.)
Also, do you have errors in the forum error log?
Also, do you have .htaccess file in your forum directory?

Update: it seems it only happens for quick login. If I login using "Login" menu item (from the full login page), it takes me to the homepage as expected.
It may be useful if you post your file index.template.php, from your theme's folder. (./Themes/default/index.template.php or ./Themes/your_theme/index.template.php).

TDNY

Thanks again so much for helping with this Norv,

Quote from: Norv on December 04, 2009, 08:43:34 PM

Please, make a list of all mods you have installed.

1. RSS Feed Icon 1.1
2. Bakers Dozen Pages 1.1
3. Pretty URLs 0.9
4. Custom Profile Field Mod 3.20
5. SMF 1.0.19 / 1.1.11 Update 1.0
6. Random_Quote 1.2
7. Hide Info Center 0.1
8. Ad Managment 2.3
9. SMF Affiliates v2
10. SMF Sitemap 1.2.2
11. Thumbnail Topic Mod 1.1.1
12. New Style Message Icon 1.1
13. Colorize Boards 3.0
14. SMF 1.0.16 / 1.1.8 Update 1.0
15. Yarex 2 smiley set 2.0.0.1
16. Let Me Google That For You Tag 1.1
17. SMF 1.0.18 / 1.1.10 / 2.0 RC1-2 Update 1.0
18. Custom_Greeting_Depending_on_Time 1.0
19. Googlebot & Spiders Mod 2.0.4
20. Go Up & Go Down 1.2
21. BK-SMF Sub-Board 1.5
22. Inline Attachments 1.0.4.2
23. SMF 1.0.17 / 1.1.9 / 2.0 RC1 Update 1.0
24. YouTube BBCode 2.5.1

Quote from: Norv on December 04, 2009, 08:43:34 PM
It seems you have a gallery too, which behaves a little strange, there are placeholders for images while the user is not logged in (I presume it's because guests cannot view the pictures, but then wouldn't users expect to see nothing, not even placeholders? Just wondering.)

Yes, the gallery was a paid item that someone on the site here did for me. It is used in conjunction with ad management.

Quote from: Norv on December 04, 2009, 08:43:34 PM
Also, do you have errors in the forum error log?
Also, do you have .htaccess file in your forum directory?

No errors really, just the usual once in a while something about "cannot affiliate add link"
I can't find a .htaccess file

Quote from: Norv on December 04, 2009, 08:43:34 PM
Update: it seems it only happens for quick login. If I login using "Login" menu item (from the full login page), it takes me to the homepage as expected.
It may be useful if you post your file index.template.php, from your theme's folder. (./Themes/default/index.template.php or ./Themes/your_theme/index.template.php).

Oh wow I didn't notice that 8) here is the theme/index.template.php

TDNY

This is still an issue for me.  Any help is appreciated, thanks.
TDNY

Norv

Sorry for the delay. Please, consider uninstalling pretty urls, and see if it still happens. It has a very significant potential to interfere.
However, given the strange behavior (displaying a random gallery item, it seems), I would also wonder if the gallery code interferes with the return URL. Might be worth asking the gallery support about this possibility.

ETA: please eventually post also your file LogInOut.php. (./Sources directory)

TDNY

Quote from: Norv on December 08, 2009, 05:02:57 AM
Sorry for the delay. Please, consider uninstalling pretty urls, and see if it still happens. It has a very significant potential to interfere.
However, given the strange behavior (displaying a random gallery item, it seems), I would also wonder if the gallery code interferes with the return URL. Might be worth asking the gallery support about this possibility.

ETA: please eventually post also your file LogInOut.php. (./Sources directory)

I'll try uninstalling pretty URLs, thanks again, here is the LogInOut.php.
TDNY

Norv

LogInOut: This file is identical to the file from the standard package, so I'm afraid the redirection is not here.

TDNY

Ok thanks Norv,
It's not the pretty URLs either; I uninstalled it and still had the problem, and I tried logging in and out quite a few times. I'll get in touch with the person who did the gallery to check their code.
TDNY

TDNY

Quote from: Norv on December 08, 2009, 05:02:57 AM
However, given the strange behavior (displaying a random gallery item, it seems), I would also wonder if the gallery code interferes with the return URL. Might be worth asking the gallery support about this possibility.

The gallery script / code is set up like an ad and is shown via ad management. If I turn the gallery ad off the problem is still there, it just shows another attachment from somewhere on the site. I have contacted the person who did the Gallery to take a look anyway, thanks.
TDNY

Norv

It shows an attachment which does not belong to the gallery?

Ah, well.
Please consider posting here if you want (or feel free to PM me) the access log of the server, for one day or less. The access log can be typically found in your host's panel, or in your FTP account, in some special folder.
Then again, I think I remember that pretty urls comes with an .htaccess file. If you look in SMF's directory, on your FTP, there could be a file with this name, perhaps. If it is, please post it.

TDNY

Quote from: Norv on December 08, 2009, 08:20:38 AM
It shows an attachment which does not belong to the gallery?

Ah, well.
Please consider posting here if you want (or feel free to PM me) the access log of the server, for one day or less. The access log can be typically found in your host's panel, or in your FTP account, in some special folder.

Yes, it will show an image not in the gallery if I disable the ad.

I love Arvixe, I didn't know what you meant regarding the access log but they helped me get it, I am going to pm it to you as they said it was the secure way to go.
Thanks again,
TDNY

Norv

On another note: Please eventually consider making the following changes to LogInOut.php: (not tested, please keep at hand a copy of your unmodified file and replace it in case there is any problem):

Code (find):

// Set the login_url if it's not already set.
if (empty($_SESSION['login_url']) && isset($_SESSION['old_url']) && preg_match('~(board|topic)[=,]~', $_SESSION['old_url']) != 0)
	$_SESSION['login_url'] = $_SESSION['old_url'];

Code (replace):

// Set the login_url if it's not already set.
if (!empty($_SESSION['login_url']))
	trigger_error("Already have SESSION[login_url]: $_SESSION['login_url']", E_USER_WARNING);
if (empty($_SESSION['login_url']) && isset($_SESSION['old_url']) && preg_match('~(board|topic)[=,]~', $_SESSION['old_url']) != 0)
{
	trigger_error("Setting SESSION[old_url]: $_SESSION['old_url']", E_USER_WARNING);
	$_SESSION['login_url'] = $_SESSION['old_url'];
}


This modification will register in the error log of the forum (not of the server, this time) some warnings containing the URLs to which the users are directed after logging in. Please make it, and try replicating the problem, and once you succeed, please post the forum error log here (or PM it, as you wish). The forum error log can be accessed by Admin > Error log.

TDNY

Ok thanks, here is the log you asked about.
TDNY

TDNY

Norv,
I changed the code you suggested too, when I try to log out I get this:

Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /home/icefishr/public_html/Sources/LogInOut.php on line 142

I changed it back.

TDNY
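
The parse error reported above comes from the two trigger_error() strings in the suggested replacement: inside a double-quoted PHP string, an array element with a quoted key such as $_SESSION['login_url'] has to be wrapped in braces or concatenated. The following is an added example, not code from this thread or from SMF; the helper name trace_login_url and the sample URLs are hypothetical, and it works on a constructed session array instead of the real $_SESSION so that it runs stand-alone.

```php
<?php
// Added illustration; trace_login_url() is a hypothetical helper, not SMF code.

/**
 * Repeats the "Set the login_url" step from the snippet in this thread,
 * with warnings that parse. Returns the messages it raised.
 */
function trace_login_url(array &$session)
{
	$notes = array();

	if (!empty($session['login_url']))
		// A quoted key inside a double-quoted string needs {braces}.
		$notes[] = "Already have SESSION[login_url]: {$session['login_url']}";

	// Same condition and pattern as the original code.
	if (empty($session['login_url']) && isset($session['old_url']) && preg_match('~(board|topic)[=,]~', $session['old_url']) != 0)
	{
		// Concatenation avoids the interpolation rules altogether.
		$notes[] = 'Setting SESSION[login_url] from old_url: ' . $session['old_url'];
		$session['login_url'] = $session['old_url'];
	}

	foreach ($notes as $note)
		trigger_error($note, E_USER_WARNING);

	return $notes;
}

// Constructed session states; host and URL shapes are assumptions.
$samples = array(
	array('old_url' => 'http://forum.example/index.php?topic=12.0'),
	array('old_url' => 'http://forum.example/index.php?action=profile'),
	// Any URL containing "topic=" or "board=" passes the pattern.
	array('old_url' => 'http://forum.example/index.php?action=dlattach;topic=12.0;attach=3;image'),
	array('login_url' => 'http://forum.example/index.php?board=2.0', 'old_url' => 'http://forum.example/index.php?topic=12.0'),
);

foreach ($samples as $session)
{
	trace_login_url($session);
	echo 'login_url after step: ', isset($session['login_url']) ? $session['login_url'] : '(not set)', "\n";
}
```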

Norv

Oops. Please try using the following file, instead. (tested)
Just the same however, keep yours close. :)