Hello all.
I'm in what is hopefully the final testing of JFiction for Joomla 1.5/eFiction. I was having very odd problems with valid members who could not access the Add New Stories function (I kept getting the Not Authorized message). I double-checked to be sure that I'd enabled unsolicited submissions.
Anyway, I looked into the stories.php (the non-admin version) and found the following line (around line 43 or so):
if(!isMEMBER || ($submissionsoff && !isADMIN) || (!isADMIN && isset($uid))) accessDenied( );
Because the entire IF statement is a combination of several OR conditionals, all it takes is for ONE of the conditionals to validate and the entire statement becomes true.
The final OR conditional:
!isADMIN && isset($uid)
literally reads "if the user is not an admin AND has a valid uid, deny access."
So, I just changed the line so that the entire conditional now reads as follows:
if(!isMEMBER || ($submissionsoff && !isADMIN) || (!isADMIN && !isset($uid))) accessDenied( );
Thus far, the above code fixed my problem, and still keeps out truly unauthorized users.
Again, not sure if this is a bug or a case where I missed a setting somehow, but just wanted to let you know.
No, the final OR doesn't say that. It says if the user isn't an admin and a specific uid has been passed to the form (they're editing someone else's story). Change it back. You've enabled all users to edit everyone else's stories.
The issue is, even though members are correctly added via the synchronization, and can log into each system perfectly, the Stories file ALWAYS denies them entry.
The only other issue I can think of is perhaps how cookies are built. I added a 'lastActivity' key to the session and cookie. Would this cause eFiction to deny access to these functions, even to valid, correctly defined members?
UPDATE: I believe I tracked this down. Nothing to do with Stories.php. Sorry about any confusion!
