WeBid Bug Tracking - WeBid
View Issue Details
0000384 | WeBid | Templates | public | 2012-07-14 14:55 | 2013-07-27 17:22
pani100
high | minor | have not tried
resolved | fixed
1.0.4
1.0.6
386
0000384: Bug in functions-user.php
In functions_user.php there are 2 functions that need addressing as they are causing errors.

The 1st error comes from an invalid token. Classic example: contact seller in auction page with 'user must be logged in' set in admin. As the token is missing, already sending an email to seller results in a page loading which has a lot of errors (on the page and in the logs) and no CSS. This will be the same result for any page checking for a token and not having a valid one.

(Adding the following line in send_email.tpl after [HTML]<FORM NAME="sendemail" ACTION="send_email.php" METHOD=POST>[/HTML]

[HTML]<input type="hidden" name="csrftoken" value="{_CSRFTOKEN}">[/HTML]

solves the invalid token for that page, as we are giving the script a valid token, but it does not address an invalid token action.)



Solution: replace in functions_user.php the whole if action in line 89

[PHP]if(!$valid_req)
            {
                global $template, $MSG, $ERR_077;
                $template->assign_vars(array(
                        'TITLE_MESSAGE' => $MSG['936'],
                        'BODY_MESSAGE' => $ERR_077
                        ));
                include 'header.php';
                $template->set_filenames(array(
                        'body' => 'message.tpl'
                        ));
                $template->display('body');
                include 'footer.php';
                exit; // kill the page
            }[/PHP]



with this one

[PHP]if(!$valid_req)
            {
                global $MSG, $ERR_077;

                $_SESSION['msg_title'] = $MSG['936'];
                $_SESSION['msg_body'] = $ERR_077;
                header('location: message.php');
                exit; // kill the page
            }[/PHP]

The 2nd error: Viewing any seller's active auctions. In the browser address bar you will have [HTML]http://your_site/active_auctions.php?user_id=2[/HTML]

If you replace the 2 with a user that doesn't exist, for example 1000, it results in [HTML]Fatal error: Call to undefined function view() in /home/................./public_html/webid294/header.php on line 49[/HTML]



Solution: in includes/functions_user.php around line 131 replace the function

[PHP]function is_valid_user($id)
    {
        global $system, $template, $MSG, $ERR_025, $DBPrefix;
        $query = "SELECT id FROM " . $DBPrefix . "users WHERE id = " . intval($id);
        $res = mysql_query($query);
        $system->check_mysql($res, $query, __LINE__, __FILE__);
        if (mysql_num_rows($res) == 0)
        {
            $template->assign_vars(array(
                    'TITLE_MESSAGE' => $MSG['415'],
                    'BODY_MESSAGE' => $ERR_025
                    ));
            include 'header.php';
            $template->set_filenames(array(
                    'body' => 'message.tpl'
                    ));
            $template->display('body');
            include 'footer.php';
            exit;
        }
    }[/PHP]

with this one

[PHP]function is_valid_user($id)
    {
        global $system, $MSG, $ERR_025, $DBPrefix;
        $query = "SELECT id FROM " . $DBPrefix . "users WHERE id = " . intval($id);
        $res = mysql_query($query);
        $system->check_mysql($res, $query, __LINE__, __FILE__);
        if (mysql_num_rows($res) == 0)
        {
            $_SESSION['msg_title'] = $MSG['415'];
            $_SESSION['msg_body'] = $ERR_025;
            header('location: message.php');
            exit;
        }
    }[/PHP]
No tags attached.
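
The pattern both fixes above rely on (reject, park the message in the session, redirect, stop), sketched as an added example that is not part of the original report and is not WeBid's code. The function names, the message text and the escaping done by the message page are assumptions; only the `csrftoken`, `msg_title` and `msg_body` keys and `message.php` come from the report.

```php
<?php
// Added example, not WeBid code. All function names are hypothetical.
declare(strict_types=1);

// Create the per-session token once; the form echoes it in a hidden field.
function csrf_token(array &$session): string
{
    if (empty($session['csrftoken'])) {
        $session['csrftoken'] = bin2hex(random_bytes(32));
    }
    return $session['csrftoken'];
}

// Fail closed: missing, non-string, or mismatching tokens are all invalid.
function csrf_is_valid(array $session, array $post): bool
{
    $expected = $session['csrftoken'] ?? '';
    $supplied = $post['csrftoken'] ?? '';
    return is_string($expected) && is_string($supplied) && $expected !== ''
        && hash_equals($expected, $supplied);
}

// Same shape as the fix: park the message in the session, return the redirect.
function reject_request(array &$session, string $title, string $body): string
{
    $session['msg_title'] = $title;
    $session['msg_body']  = $body;
    return 'Location: message.php'; // caller does header(...); exit;
}

// Assumed message page: escape on output, then clear so it shows only once.
function render_message(array &$session): string
{
    $title = htmlspecialchars($session['msg_title'] ?? '', ENT_QUOTES, 'UTF-8');
    $body  = htmlspecialchars($session['msg_body'] ?? '', ENT_QUOTES, 'UTF-8');
    unset($session['msg_title'], $session['msg_body']);
    return "<h1>{$title}</h1><p>{$body}</p>";
}

// Constructed requests; $session stands in for $_SESSION so this runs from the CLI.
$session = [];
$good = csrf_token($session);
$posts = ['valid' => ['csrftoken' => $good], 'missing' => [],
          'wrong' => ['csrftoken' => str_repeat('0', 64)], 'array' => ['csrftoken' => ['x']]];
foreach ($posts as $name => $post) {
    if (csrf_is_valid($session, $post)) { echo "$name: accepted\n"; continue; }
    $hdr = reject_request($session, 'Invalid request', 'Token <missing> or expired');
    echo "$name: rejected, send \"$hdr\" and exit; page shows ", render_message($session), "\n";
}
```

Because the rejection path only writes to the session and redirects, it no longer depends on the template object or header.php being in a usable state when the check fails.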
Issue History
2015-04-01 13:17 | renlok | New Issue
2015-04-01 13:17 | renlok | import_id => 386
2015-04-01 13:17 | renlok | Date Submitted | 2015-04-01 13:17 => 2012-07-14 14:55
2015-04-01 13:17 | renlok | Last Update | 2015-04-01 13:17 => 2013-07-27 17:22

Notes
(0000978)
rustystylus   
2012-07-25 17:38   
(edited on: 2012-07-25 17:44)
Works fine for me. I am using 1.0.4.

Note: Forgot to clear cache in Webid admin first time round so it appeared not to work.
(0000979)
Chris Magrum   
2012-07-29 12:55   
Perfect fix. 1.0.4 working. Thanks.
(0000980)
liraniom   
2012-08-16 05:50   
Thank you pani!! That fixed a lot of my bugs.
Thank you for helping the community.
(0000996)
nay27uk   
2012-11-29 15:52   
Fixed for 1.0.5 sp1
(0001138)
Chris Gentry   
2013-07-27 15:56   
Running version 1.1, and when I hit send in contact the seller the page just reloads over and over. Trying your fix, but I don't have a PHP file titled functions_user.php at all in the installed script. Was it renamed by any chance?
(0001139)
DrJ   
2013-07-27 17:22   
Chris, I'm not sure which screen you are in when you are trying to contact the seller but the fix you are looking for may be here:

http://www.webidsupport.com/forums/project.php?issueid=445