WeBid Bug Tracking

ID: 0000384
Project: WeBid
Category: Templates
View Status: public
Date Submitted: 2012-07-14 14:55
Last Update: 2013-07-27 17:22
Reporter: pani100
Assigned To:
Priority: high
Severity: minor
Reproducibility: have not tried
Status: resolved
Resolution: fixed
Platform:
OS:
OS Version:
Product Version: 1.0.4
Target Version:
Fixed in Version: 1.0.6
Summary: 0000384: Bug in functions-user.php
Description: In functions_user.php there are 2 functions that need addressing as they are causing errors.

The 1st error comes from an invalid token. Classic example: contact seller in the auction page with 'user must be logged in' set in admin. As the token is missing already, sending an email to the seller results in a page loading which has a lot of errors (on the page and in the logs) and no CSS. This will be the same result for any page checking for a token and not having a valid one.

(Adding the following line in send_email.tpl after [HTML]<FORM NAME="sendemail" ACTION="send_email.php" METHOD=POST>[/HTML]

[HTML]<input type="hidden" name="csrftoken" value="{_CSRFTOKEN}">[/HTML] solves the invalid token for that page, as we are giving the script a valid token, but it does not address an invalid token action.)



Solution: replace in functions_user.php the whole if action in line 89

[PHP]if(!$valid_req)
{
    global $template, $MSG, $ERR_077;
    $template->assign_vars(array(
            'TITLE_MESSAGE' => $MSG['936'],
            'BODY_MESSAGE' => $ERR_077
            ));
    include 'header.php';
    $template->set_filenames(array(
            'body' => 'message.tpl'
            ));
    $template->display('body');
    include 'footer.php';
    exit; // kill the page
}[/PHP]



with this one

[PHP]if(!$valid_req)
{
    global $MSG, $ERR_077;

    $_SESSION['msg_title'] = $MSG['936'];
    $_SESSION['msg_body'] = $ERR_077;
    header('location: message.php');
    exit; // kill the page
}[/PHP]

The 2nd error: viewing any seller's active auctions. In the browser address bar you will have [HTML]http://your_site/active_auctions.php?user_id=2[/HTML]

If you replace the 2 with a user that doesn't exist, for example 1000, this results in [HTML]Fatal error: Call to undefined function view() in /home/................./public_html/webid294/header.php on line 49[/HTML]



Solution: in includes/functions_user.php around line 131 replace the function

[PHP]function is_valid_user($id)
{
    global $system, $template, $MSG, $ERR_025, $DBPrefix;
    $query = "SELECT id FROM " . $DBPrefix . "users WHERE id = " . intval($id);
    $res = mysql_query($query);
    $system->check_mysql($res, $query, __LINE__, __FILE__);
    if (mysql_num_rows($res) == 0)
    {
        $template->assign_vars(array(
                'TITLE_MESSAGE' => $MSG['415'],
                'BODY_MESSAGE' => $ERR_025
                ));
        include 'header.php';
        $template->set_filenames(array(
                'body' => 'message.tpl'
                ));
        $template->display('body');
        include 'footer.php';
        exit;
    }
}[/PHP]

with this one

[PHP]function is_valid_user($id)
{
    global $system, $MSG, $ERR_025, $DBPrefix;
    $query = "SELECT id FROM " . $DBPrefix . "users WHERE id = " . intval($id);
    $res = mysql_query($query);
    $system->check_mysql($res, $query, __LINE__, __FILE__);
    if (mysql_num_rows($res) == 0)
    {
        $_SESSION['msg_title'] = $MSG['415'];
        $_SESSION['msg_body'] = $ERR_025;
        header('location: message.php');
        exit;
    }
}[/PHP]
Tags: No tags attached.
import_id: 386
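
The token check and redirect-on-failure flow described in this report, as an added example that is not WeBid's code: the token generation and function names are assumptions, and the message strings are placeholders for $MSG['936'] and $ERR_077. It returns the redirect target instead of calling header() and exit, so it runs from the PHP command line.

```php
<?php
// Added illustration, not WeBid source. Token generation and the function
// names are assumptions; only the field name 'csrftoken', the session keys
// msg_title/msg_body and message.php come from the report.

// Issue one random token per session (hypothetical helper).
function issue_csrf_token(array &$session): string
{
    if (empty($session['csrftoken'])) {
        $session['csrftoken'] = bin2hex(random_bytes(32));
    }
    return $session['csrftoken'];
}

// Validate a state-changing request. Returns null when the request may
// proceed, or the redirect target when it must be rejected. Rendering is
// left to message.php, so no template is touched half-way through a page.
function check_csrf(array &$session, array $post, string $method): ?string
{
    if ($method !== 'POST') {
        return null; // only state-changing requests carry the token
    }
    $expected = $session['csrftoken'] ?? '';
    $supplied = $post['csrftoken'] ?? '';
    $valid_req = is_string($supplied) && $expected !== ''
        && hash_equals($expected, $supplied); // constant-time compare
    if (!$valid_req) {
        $session['msg_title'] = 'Invalid request'; // placeholder for $MSG['936']
        $session['msg_body']  = 'Invalid token';   // placeholder for $ERR_077
        return 'message.php';
    }
    return null;
}

// Constructed requests: form without the hidden field, bad values, valid token.
$session = [];
$token = issue_csrf_token($session);
$cases = [
    'missing token' => [],
    'wrong token'   => ['csrftoken' => str_repeat('0', 64)],
    'array token'   => ['csrftoken' => ['x']],
    'valid token'   => ['csrftoken' => $token],
];
foreach ($cases as $name => $post) {
    $target = check_csrf($session, $post, 'POST');
    // In a web request the caller would do: header('Location: ' . $target); exit;
    echo str_pad($name, 14), $target === null ? 'accepted' : "redirect to $target", PHP_EOL;
}
```
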

-  Notes
(0000978)
rustystylus (viewer)
2012-07-25 17:38
edited on: 2012-07-25 17:44

Works fine for me. I am using 1.0.4.

Note: Forgot to clear cache in WeBid admin first time round so it appeared not to work.
(0000979)
Chris Magrum (viewer)
2012-07-29 12:55

Perfect fix. 1.0.4 working. Thanks.
(0000980)
liraniom (viewer)
2012-08-16 05:50

Thank you pani!! That fixed a lot of my bugs.
Thank you for helping the community.
(0000996)
nay27uk (reporter)
2012-11-29 15:52

Fixed for 1.0.5 sp1
(0001138)
Chris Gentry (viewer)
2013-07-27 15:56

Running version 1.1, and when I hit send in contact the seller the page just reloads over and over. Trying your fix, but I don't have a PHP file titled functions_user.php at all in the installed script. Was it renamed by any chance?
(0001139)
DrJ (reporter)
2013-07-27 17:22

Chris, I'm not sure which screen you are in when you are trying to contact the seller but the fix you are looking for may be here:

http://www.webidsupport.com/forums/project.php?issueid=445

- Issue History
Date Modified Username Field Change
2015-04-01 13:17 renlok New Issue
2015-04-01 13:17 renlok import_id => 386
2015-04-01 13:17 renlok Date Submitted 2015-04-01 13:17 => 2012-07-14 14:55
2015-04-01 13:17 renlok Last Update 2015-04-01 13:17 => 2013-07-27 17:22

