Wrox Programmer Forums

Need to download code?

View our list of code downloads.

Go Back   Wrox Programmer Forums > PHP/MySQL > BOOK: PHP and MySQL: Create-Modify-Reuse ISBN: 978-0-470-19242-9
Password Reminder
Register
Register | FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read
BOOK: PHP and MySQL: Create-Modify-Reuse ISBN: 978-0-470-19242-9
This is the forum to discuss the Wrox book PHP and MySQL: Create-Modify-Reuse by Timothy Boronczyk, Martin E. Psinas; ISBN: 9780470192429
Welcome to the p2p.wrox.com Forums.

You are currently viewing the BOOK: PHP and MySQL: Create-Modify-Reuse ISBN: 978-0-470-19242-9 section of the Wrox Programmer to Programmer discussions. This is a community of tens of thousands of software programmers and website developers including Wrox book authors and readers. As a guest, you can read any forum posting. By joining today you can post your own programming questions, respond to other developersí questions, and eliminate the ads that are displayed to guests. Registration is fast, simple and absolutely free .
DRM-free e-books 300x50
Reply
 
Thread Tools Display Modes
  #1 (permalink)  
Old October 8th, 2009, 12:33 PM
Authorized User
Points: 374, Level: 6
Points: 374, Level: 6 Points: 374, Level: 6 Points: 374, Level: 6
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Jul 2009
Location: San Jose, Californina
Posts: 77
Thanks: 4
Thanked 6 Times in 6 Posts
Default Chap 2, add_forum.php, ~$user->permission is not working properly

PROBLEM:

In file add_forum.php there is a line which checks permissions.
It is line 12 in the book.

Code:
   if (~$user->permission & User::CREATE_FORUM)
The negation of $user->permission (~$user->permission) is not
working properly.

By default, when a user registers, they have no privilege to add forums.
I can register a user, and that user can login and
start adding forums. This is not correct. That user should get
the message "Sorry, you do not have sufficient privileges to create
new forums."

(I realize the program is designed to come in from view.php, and
in view.php it does a check for $user->permission, so you have to
pass that before you even come here, but still the ~$user->permission
is an incorrect value here. For testing purposes,
I have a link the comes straight here to add_forum.php)

SOLUTION:

I was able to solve the problem by casting $user->permission as an int
So the line reads

Code:
        if (~ (int) $user->permission & User::CREATE_FORUM)
This solved the problem.


DEBUGGING and DETAILS

I verified that I was at least working with the correct
user object that was being returned from this line
in add_forum.php (correct uid, username, etc)

$user = User::getById($_SESSION['userId']);

debugging steps to test the permission problem.

1. I put a print right after getById. This way we
can see if user->permission is getting set correctly,
and see if ~$user->permission is correct

2. I tried setting different permission values. These are set in file
User.php, function __construct, around line 20 in the book, the line
Code:
        'permission' => 0);
3. Foreach time you set a new value,
register a new user, then click your add_forum link and
check the value of $user->permission and ~$user->permission.

For all cases, $user->permission would always be correct
For all cases, ~$user->permission would never be correct;
here are the incorrect values for a few cases
basically prints garbage in decimal and 0 in hex
permission prints in decimal prints in hex
0 Idiaeresis 0
3 (0011) Igrave 0
13 (1101) Icircumflex Igrave 0
15 (1111) Icircumflex Egrave 0


debugging to test in a different way

NOW, simply hardcode the permission value in
add_forum.php somewhere after the call to getById.
In other words you are overriding the value returned by getById.
For example,
Code:
 $user->permission = 0;
(play around and
set it to different values)
In this case, ~$user->permission always has the correct value.

SO, this appears to have something to do with the user object returned
from the database by getById.


CONFIGURATION.

mysq: version 4.1.22

On the phpMyAdmain section under user table is has
Field: PERMISSION
Type: int(10)
Collation:
Attributes: unsigned
Null: no
Default: 0

Note: When I started, I altered the USER table just like the book
says on page 32.
Code:
      ADD PERMISSION INTEGER UNSIGNED NOT NULL DEFAULT 0
Comment: This may have something to do with the type being int(10)
because user_id is also int(10) and just for kicks I tried negating
that in add_forum.php and it gave wrong results too.

running on unix: FreeBSD 4.10-RELEASE #10

> php -version
PHP 5.2.6 (cli) (built: Feb 26 2009 08:23:11)
Copyright (c) 1997-2008 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2008 Zend Technologies
>
Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Web service not working properly in IIS Abhinavnaresh ASP.NET 2.0 Professional 1 April 10th, 2008 08:53 AM
ch 8 code is not working properly Dev_gh78 C# 1 August 4th, 2006 12:16 AM
No permission error on Chap 7, P.285 cJeffreywang BOOK: Beginning ASP 3.0 0 October 20th, 2005 12:55 AM
PreparedStatement not working properly wslyhbb Java Databases 3 September 9th, 2003 01:08 PM



All times are GMT -4. The time now is 03:56 PM.


Powered by vBulletin® Version 3.7.0
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
© 2013 John Wiley & Sons, Inc.