URL to your eFiction: http://www.ficwriters.com
--- esp. the entire challenges section
Version of eFiction: 3.5.3
Have you searched for your problem: yes
If so, what terms did you try: challenge, challenges, admin, admincats, undefined variable
State the nature of your problem:
In my site admins at levels 1 and 2 can respond to challenges and see the page without a problem but admins at levels 3 and 4 and members don't see the page and can't respond to the challenges, they get the "Error. You are not authorized to access that fuction." when they try.
I have tried looking into this and the error I see in the error_log of the challenges is this:
[27-Apr-2012 01:06:08 UTC] PHP Notice: Undefined variable: admincats in /home/ficwri/public_html/modules/challenges/challenges.php on line 49
I checked the challenges.php file and it states this.
// ----------------------------------------------------------------------
$current = "challenges";
if(isset($_GET['action']) && ($_GET['action'] == "add" || $_GET['action'] == "edit")) $displayform = 1;
include ("../../header.php");
//make a new TemplatePower object
if(file_exists( "$skindir/default.tpl")) $tpl = new TemplatePower("$skindir/default.tpl" );
else $tpl = new TemplatePower(_BASEDIR."default_tpls/default.tpl");
if(file_exists("$skindir/listings.tpl")) $tpl->assignInclude( "listings", "$skindir/listings.tpl" );
else $tpl->assignInclude( "listings", _BASEDIR."default_tpls/listings.tpl" );
$tpl->assignInclude( "header", "$skindir/header.tpl" );
$tpl->assignInclude( "footer", "$skindir/footer.tpl" );
include(_BASEDIR."includes/pagesetup.php");
$chalid = isset($_GET['chalid']) ? $_GET['chalid'] : false;
if($chalid && !isNumber($chalid)) unset($chalid, $action);
// security check
$admin = 0;
if(!isset($anonchallenges)) accessDenied( );
if(($action && ($action != "add" || !$anonchallenges)) && !isMEMBER) accessDenied( );
if(isADMIN && uLEVEL < 3) $admin = 1;
if(isADMIN && uLEVEL == 3) {
if(isset($chalid)) {
$challenge = dbquery("SELECT uid, catid from ".TABLEPREFIX."fanfiction_challenges WHERE chalid='$chalid' LIMIT 1");
list($chaluid, $catid) = dbrow($challenge);
if(uLEVEL == 3 && $admincats != 0) { ----- this is line 49
$seriescats = explode(",", $catid);
$adcats = explode(",", $admincats);
foreach($seriescats as $cat) {
if(in_array($cat, $adcats)) $admin = 1;
}
}
if($chaluid != USERUID && $admin != 1 && uLEVEL > 2) accessDenied( );
}
}
// end security check
I know there is much more coding to this but since its only erroring on line 49 I didn't think it was needed. If it is let me know and I will add it here.
I also checked the updated SVN files and this file or any other in the challenges files and none have been updated or fixed since 2009. This file on there reads exactly as the file shows above.
How do I fix this error so the admins and everyone has the ability to post and respond to the challenges.
It is installed correctly and I get no other errors.
Any help with this would be greatly appriecated.
This is checking what categories Level 3 admins are assigned in. It says if they are not assigned to any categories at all (which in eFiction is the same as ALL categories), then they are admins and should be authorized. If they are not assigned in the category that the challenge falls in, then they are not authorized.
Check Admin > Admins to see what categories your Level 3 can operate in. If they're set to no categories or are set to for the category the challenges are in, report back. : )
Granted, they should at least be able to view it even if they aren't assigned in that category imho. If that interests you then let me know.
The challenge of the month was put under all main categories and thats how some of the level 2 and 3s are separated is by what main categories they run. But regular members couldn't respond to it either.
Since I didn't get a response to this sooner and needed my challenges section working I just kept messing with the various numbers in this section and I finally got it to work for everyone. This is what I used.
// security check
$admin = 0;
if(!isset($anonchallenges)) accessDenied( );
if(($action && ($action != "add" || !$anonchallenges)) && !isMEMBER) accessDenied( );
if(isADMIN && uLEVEL < 3) $admin = 0;
if(isADMIN && uLEVEL == 3) {
if(isset($chalid)) {
$challenge = dbquery("SELECT uid, catid from ".TABLEPREFIX."fanfiction_challenges WHERE chalid='$chalid' LIMIT 1");
list($chaluid, $catid) = dbrow($challenge);
if(uLEVEL == 3 && $admincats != 0) {
$seriescats = explode(",", $catid);
$adcats = explode(",", $admincats);
foreach($seriescats as $cat) {
if(in_array($cat, $adcats)) $admin = 0;
}
}
if($chaluid != USERUID && $admin != 0 && uLEVEL > 2) accessDenied( );
}
}
// end security check
and it seems if you change line 44's - if(isADMIN && uLEVEL < 3) $admin = 1;
to this :
if(isADMIN && uLEVEL < 3) $admin = 0;
then the challenges section works for all 5 member levels on the site.
What do you think?
So that is turning of the admin stuff entirely. Meaning that none of the checks that were giving certain users admin power over the challenges are actually setting them with admin ability for it. It seems like that doesn't really matter so much to you.
I think this might actually be the problematic section
if($chaluid != USERUID && $admin != 1 && uLEVEL > 2) accessDenied( );
It says: If the user in question isn't the originator of the challenge, and they are not set as a challenge admin* and their user level is greater than 2, then deny them access.
(*the parts before this define the yes / no aka 0/1 of being a challenge admin)
It's the "and the user level is greater than 2" problem really that is the issue. This logic says that regardless of being a set as admin on the challenges, all level 3 admins are blocked out. In changing the 1s to 0s that you did, it makes the above section fail because all 3 parts have to be true. So you've basically set it up so that the second part always fails. Nothing wrong with that if that's what works for you, and it was definitely worth fiddling with to see if you could get it to work.
My brain's a little fuzzy right now but I think this would work (pending of course you revert your fix)
if($chaluid != USERUID && $admin != 1) accessDenied( );
That should allow level 3 admins in the category to do the admin functions. Untested. : D (Note that if they're l3 and they're not the originator of the challenge or in the category, they'd still get the access denied message. More work would be necessary to let them see it.)
