Gossamer Forum
Home : Products : DBMan : Customization :

Permissions - What did I do?

(Page 1 of 2)
> >
Quote Reply
Permissions - What did I do?
Done a few modification's recently. All "appeared" fine, 'til I, the admin, tried to modify someone else's record. More specifically, I just updated, with my admin permission, an alumni # to one of my recent additions -- only way I could get to the record was thru list all, then it updated with "my" email address. My most recent mod was to take away the option to change email in records and use the Change Email link.

The permissions for me appear correctly on the page, i.e., View Add Delete Modify Admin. I even signed on with a user account, tried to view records thru my Excel mod -- found no records, :-0.

What did I do? Where should I start troubleshooting?

JR

-- FIXED --

I had
Code:
'Email Address' => [13, 'alpha', -1, 50, 0, &get_email, '.+@.+..+'],
in my .cfg file. I think the valid_expr was being confused by the sub change_email routine looking for the same thing -- soon as I removed the .+@.+..+, from my .cfg, all was fine again. Just food for thought for anyone else.

Webmaster
http://www.izmirhigh.com/index.shtml
Quote Reply
Re: Permissions - What did I do? In reply to
It's not working after all, :-(

When I create a user account, my .db gives me
Code:
|25-Jul-2000|Teacher/Faculty|Mr.|Webmaster||Joe|1060 W. Addison|Chicago|IL|United States|12345|123-456-7890|not found in password file|http://home.flash.net/~murgnam/|139757||No|test|murgnam
, while my .pass gives me the correct
Code:
murgnam:9fQBXzcDBq/bI:1:1:1:1:1:0:murgnam@flash.net
So ... again, what did I do?

JR


Webmaster
http://www.izmirhigh.com/index.shtml
Quote Reply
Re: Permissions - What did I do? In reply to
I'm gonna have to look at your db.cgi file to figure this one out.

JPD
http://www.jpdeni.com/dbman/
Quote Reply
Re: Permissions - What did I do? In reply to
http://www.izmirhigh.com/db_cgi.txt
Thx.
JR

Webmaster
http://www.izmirhigh.com/index.shtml
Quote Reply
Re: Permissions - What did I do? In reply to
This doesn't make any sense to me at all. But let's try some things and see if we can't figure it out.

We know that the $in{'email'} variable is working fine in sub change_email. So, let's change

&change_email_in_records($db_userid);

to

&change_email_in_records($in{'email'});

In sub change_email_in_records, change

my ($userid) = $_[0];

to

my ($email) = $_[0];

and change

if ($userid eq $data[$auth_user_field]) {

to

if ($db_userid eq $data[$auth_user_field]) {

and change

$data[$auth_email_field] = $in{'email'};

to

$data[$auth_email_field] = $email;

Give that a try. This is really baffling.


JPD
http://www.jpdeni.com/dbman/
Quote Reply
Re: Permissions - What did I do? In reply to
Same result, :-0, with yr changes @ http://www.izmirhigh.com/db_cgi.txt
The weird part, to me, is that from a user standpoint everything seems to work fine. The only way I new something was askew was when my majordomo came back saying [mailto]not.found.in.password.file@www43.rapidsite.net[/mailto] didn't get subscribed to my newsletter, :-0. Further, if it means anything, the ref to rapidsite.net, I think, is the server that izmirhigh.com runs thru. I'm still acquiring izmirhigh.com from a fellow alumni webmaster, had everything on IzmirHigh.com working great, 'til this -- couldn't have anything to do with that could it?
JR

Webmaster
http://www.izmirhigh.com/index.shtml
Quote Reply
Re: Permissions - What did I do? In reply to
This really makes no sense at all. The only place where the phrase

"not found in password file"

exists is in sub get_email. And that subroutine only reads from the database.

The new password is sent to the user when he changes his email address?

I'm really clutching at straws here. Are you sure you have uploaded the files to the correct server?



JPD
http://www.jpdeni.com/dbman/
Quote Reply
Re: Permissions - What did I do? In reply to
Agreed with ever'thin your saying. I've got both the Databasetest and real database both uploaded to izmirhigh.com, so that's not the prob -- I'll re-do tho', just to make sure I didn't leave the keys in the freezer, <g>.

I can't believe I've stumped the panel on this one. I'm gonna sleep on it 'til this weekend, then retrace my steps over the past week, try and see what modification to a modified modification I may have done, that's causing the prob's. THANKS for the help.

JR

Webmaster
http://www.izmirhigh.com/index.shtml
Quote Reply
Re: Permissions - What did I do? In reply to
In Reply To:
just to make sure I didn't leave the keys in the freezer,
I've actually done that! Smile

Please let me know what happens!

JPD
http://www.jpdeni.com/dbman/
Quote Reply
Re: Permissions - What did I do? In reply to
JPD,
No keys in the freezer, but can't sleep now, :-0. It's "gotta" be the sub get_email that's askew. In sub html_record_form (html.pl) I've got
Code:
my (%rec) = @_;
if ($in{'add_form'}) {
$rec{'Email Address'} = &get_email;
}
($db_auto_generate and print &build_html_record_form(%rec) and return);
and my sub get_email (db.cgi) looks like this
Code:
sub get_email {
# --------------------------------------------------------
# Pulls the email address from the password file.

my ($userid, $pw, $view, $add, $del, $mod, $mem, $admin, $email);

open (PASSWD, "<$auth_pw_file") || &cgierr("unable to open password file. Reason: $!\n");
@passwds = <PASSWD>;
close PASSWD;

foreach $pass (@passwds) { # Go through each pass and see if we match..
next if ($pass =~ /^$/); # Skip blank lines.
next if ($pass =~ /^#/); # Skip Comment lines.
chomp ($pass);
($userid, $pw, $view, $add, $del, $mod, $mem, $admin, $email) = split (/:/, $pass);
if ($db_userid eq $userid) {
return $email;
}
}
return "$db_userid not found in password file";
}
What syntax are we missing?

Signed

Insomniac

Webmaster
http://www.izmirhigh.com/index.shtml
Quote Reply
Re: Permissions - What did I do? In reply to
Sorry you can't sleep. (I know the problem. Smile)

I thought the problem was when when you were changing the email address. It's when you're adding a record? (No wonder I couldn't figure it out. I was looking in the wrong place.)

Wait a minute. Your sample record said

|not found in password file|

But what should have been returned was

$db_userid not found in password file

In other words, the userid should have been in there. If the userid was "jpdeni" the record would have

|jpdeni not found in password file|

Except that it would have been found.

Your problem is that the $db_userid variable is not being set.

Now, she says to herself, why would that be?

Look in db.cgi and search for $db_userid. You should find

if ($uid eq "default") { $db_userid = $uid; }
else { ($db_userid) = $db_uid =~ /([A-Za-z0-9]+)\.\d+/; }


If you find those lines, start searching for some other place that the $db_userid might have been changed.

The user's *have* already logged in when they've added a record, right?

JPD
http://www.jpdeni.com/dbman/
Quote Reply
Re: Permissions - What did I do? In reply to
Code:
The user's *have* already logged in when they've added a record, right?
exactly. Create User Account|Add Record (force users to add record)|Move around the database without a problem. Of course, I'm sure if you were to try to send an email to this new user it would reject 'cause there not a valid email address to send to.
Code:
if ($uid eq "default") { $db_userid = $uid; }
else { ($db_userid) = $db_uid =~ /([A-Za-z0-9]+)\.\d+/; }
yes, that's in there, along with another half dozen or so ref's to $db_userid. Ref's to auth_user_field, change email and change password all seem sound. The only diff I can see is my inclusion of $mem into sub get_email to go along with my member permission mod, but taking those out doesn't seem to do anything.
I'm still at a loss, :-0. Would the placement or commenting out of
Code:
($db_auto_generate and print &build_html_record_form(%rec) and return);
have to do with anything? (yes, I'm clutching at straws now too)
My db_cgi.txt is still posted, what do your eyes see?
JR



Webmaster
http://www.izmirhigh.com/index.shtml
Quote Reply
Re: Permissions - What did I do? In reply to
Just for debugging purposes, I would like you to add the following line to sub html_add_record:

<P>--$db_userid--<P>

Stick it somewhere within a print statement. See if anything prints out between the dashes.

JPD
http://www.jpdeni.com/dbman/
Quote Reply
Re: Permissions - What did I do? In reply to
uh, I don't have a sub html_add_record. Where to debug again?

Webmaster
http://www.izmirhigh.com/index.shtml
Quote Reply
Re: Permissions - What did I do? In reply to
I'm sorry. It's sub html_add_form. I need to go to bed!! Smile


JPD
http://www.jpdeni.com/dbman/
Quote Reply
Re: Permissions - What did I do? In reply to
debug works fine, --userid--
JR

Webmaster
http://www.izmirhigh.com/index.shtml
Quote Reply
Re: Permissions - What did I do? In reply to
Okay. That's good. But I'm not sure what it tells us. Frown

(You can delete the line. We're done with it. Smile)

Is the email field a hidden field? If so, when you are on the add form, take a look at the source code in your browser and see what's in the field. If not, just look at the field. Let me know what it says.


JPD
http://www.jpdeni.com/dbman/
Quote Reply
Re: Permissions - What did I do? In reply to
Hidden reads
Code:
<INPUT TYPE="HIDDEN" NAME="Email Address" SIZE="20" VALUE=" not found in password file" MAXLENGTH="50">
That said, you've got no sleep, I not enuff, now I got to go to work. I've got to table this and get back to it later.

Nite JPD (hint, hint)

JR

Webmaster
http://www.izmirhigh.com/index.shtml
Quote Reply
Re: Permissions - What did I do? In reply to
Okey-dokey, Joe. Smile

When you get back, I want you to try something. This might fix it.

In sub html_record, change

$rec{'Email Address'} = &get_email;

to

$rec{'Email Address'} = &get_email($db_userid);

In sub get_email, right at the beginning, add

$userid_test = $_[0];

and change

if ($db_userid eq $userid) {

to

if ($userid_test eq $userid) {

and change

return "$db_userid not found in password file";

to

return "$userid_test not found in password file";

When you get back from work (and I have had some sleep), let me know if this does any better. Smile

JPD
http://www.jpdeni.com/dbman/
Quote Reply
Re: Permissions - What did I do? In reply to
...get as far as the Add Record form, when I click Add Record I get the Open|Save db.cgi box. It still saves the info to the database -- but still with the
Code:
not found in password file
. I checked the permissions of db.cgi (755) and html.pl (644), they're right. What next? Below are the latest files

http://www.izmirhigh.com/db_cgi.txt
http://www.izmirhigh.com/html_pl.txt

JR

Quote Reply
Re: Permissions - What did I do? In reply to
I guess you should go back to what you had before, then, if the new code is causing problems.

Okay. We know that $db_userid is there at the beginning of sub html_add_form. Let's make sure it's there at the beginning of sub html_record_form.

Right after

my (%rec) = @_;

add

print "<P>--$db_userid--<P>";



JPD
http://www.jpdeni.com/dbman/
Quote Reply
Re: Permissions - What did I do? In reply to
OK, went back to my old, then inserted the
Code:
print "<P>--$db_userid--<P>";
as so
Code:
sub html_record_form {
# --------------------------------------------------------
# The form fields that will be displayed each time a record is edited (including searching).

my (%rec) = @_;
print "<P>--$db_userid--<P>";
if ($in{'add_form'}) {
$rec{'Email Address'} = &get_email;
}
($db_auto_generate and print &build_html_record_form(%rec) and return);
The --userid-- prints on the Add Form. Is it suppose to show somewhere else? Also, was thinking
Code:
######## Display personalized welcome message #########
$in{$db_key} = $db_userid;
my ($status,@hits) = &query("view");
undef %in;
if ($status eq "ok") {
%rec=&array_to_hash(0,@hits);
$ufirstn = "$rec{'First Name (Nickname) & Spouses Name'}";
$ulastn = "$rec{'Married Name'}";
}
else {
$name=$db_userid;
}
#######

print qq| Welcome, $ufirstn $ulastn! |;
might be causing a problem (yes, I'm reaching again), but even with commenting out, same not in password file problem.

Confidence is still high, but motrin is running real low, *sigh*

JR






Webmaster
http://www.izmirhigh.com/index.shtml
Quote Reply
Re: Permissions - What did I do? In reply to
That's exactly where the userid should print out.

Let's try this, then.

This is going to be awful. You are really gonna hate it. But I don't know how else to figure this out.

In sub get_email, after

($userid, $pw, $view, $add, $del, $mod, $mem, $admin, $email) = split (/:/, $pass);

add

print "--$userid--$db_userid--<BR>";

You are going to end up with a list of every user in your .pass file. (I hope you don't have too many.)

Let me know what happens.

Your personalized message wouldn't cause any problems, but I understand clutching at straws.

JPD
http://www.jpdeni.com/dbman/
Quote Reply
Re: Permissions - What did I do? In reply to
rut roh, get the Open|Save db.cgi box again, ACK!

Reaching again ... this line of .cfg look right?
Code:
'Email Address' => [13, 'alpha', -1, 50, 0, &get_email, ''],
Webmaster
http://www.izmirhigh.com/index.shtml
Quote Reply
Re: Permissions - What did I do? In reply to
Okay. Delete the lines. I know what's going on now.

In Reply To:
'Email Address' => [13, 'alpha', -1, 50, 0, &get_email, ''],
No. This is not right.

It must be

'Email Address' => [13, 'alpha', -1, 50, 0, '', ''],

Also, it just occurred to me that you are using the "force new users to add a record" mod, which means they go to the add form straight from html_home.

In sub html_home, add the code that is in red below:

Code:

if ($per_add) {
$in{$db_key} = $db_userid;
my ($status,@hits) = &query('view');
unless ($status eq 'ok') { $in{'add_form'} = 1; &html_add_form; return; }
}
This should fix it.

JPD
http://www.jpdeni.com/dbman/
> >