Access Denied when attempting to Edit User

New Member Joined: Jan 21, 2008 Posts: 19

Hi,

I am running phpNuke 7.6.3.5a with NukeSentinel 2.5.17 and recently installed NSN Groups 1.71. When I click on Edit Users in the Administration Menu (or Users in Module Administration), Access Denied appears in the upper left corner of the page and I cannot save changes.

Any help would be greatly appreciated.

Site Admin/Owner Joined: Aug 27, 2002 Posts: 17088

Was it working before you installed NSN Groups?

Posted: Wed Apr 23, 2008 6:45 am

To the best of my knowledge, yes.

registered · Posted: Wed Apr 23, 2008 6:57 am

Not sure if this is going down the wrong path, but is the admin user you are using the God admin?

Posted: Wed Apr 23, 2008 7:39 am

Yes, I tried both the God admin and another admin.

A little more info: I created and activated a new account as if a new user. I then logged off from this test account and logged in as the God admin. I was able to delete the account through the Edit User menu. Additionally, I attempted to subscribe my normal account for 1 year, although this does not show in the Edit User screen (ie; the Subscribe User radio button is still "No" and the Period is "None"). I did however receive an email stating the following:

"This is an automated email to let you know that your subscription to our website's advertising removal has been activated starting from now and will be valid for 1 year(s)."

However, when I go to YA logged in as this user, it states that I am not subcribed. Since I do not have ads on this site, maybe that's the reason... Confused

So, even though I get the text Access Denied in the upper left corner, at least some of the functions seem to work.

Posted: Wed Apr 23, 2008 8:08 am

Hmmm. It seems that I am able to make changes to user accounts through the Edit Users interface (albeit subscription changes do not appear to stick); I am able to change Name, Email, etc. Also, when I click the "Save Changes" button, I am returned to the Admin Menu rather than the Edit Users Menu. Otherwise, other than the fact that I get "Access Denied" on top the page, all seems to work... Confused

So, what Access is Denied?

Posted: Wed Apr 23, 2008 10:08 am

Okay. I'm no longer sure how this came about (not that I ever was sure Laughing

), whether it was upgrading to 7.6, or installing NSN GR, but it turns out that Edit Users is not the only admin module that has this issue. It doesn't really seem to stop me from admin tasks, but I now wonder about security.

I'm not a scripting expert, but here's what I found:

Some admin/modules such as users.php have the following code:

Quote:

if ( !defined('ADMIN_FILE') )
{
die ("Access Denied");
}
global $prefix, $db;
$aid = substr("$aid", 0,25);
$row = $db->sql_fetchrow($db->sql_query("SELECT radminuser, radminsuper FROM ".$prefix."_authors WHERE aid='$aid'"));
if (($row['radminuser'] == 1) OR ($row['radminsuper'] == 1)) {

If I replace it with this code that seems to work (doesn't display "Access Denied"):

Quote:

if ( !defined('ADMIN_FILE') )
{
die ("Access Denied");
}
global $prefix, $db, $admin_file;
$aid = substr("$aid", 0,25);
$row = $db->sql_fetchrow($db->sql_query("SELECT radminsuper FROM " . $prefix . "_authors WHERE aid='$aid'"));
if ($row['radminsuper'] == 1) {

Then the "Access Denied" goes away, but the page no longer seems to point at the language file (ie; User's Administration becomes _USERADMIN).

Does this make any sense?

Posted: Wed Apr 23, 2008 11:33 am

pizzafiend, I would reset your files back to where they were prior to installing NSN Groups and make sure everything is working properly first. This is sounding like a mismatch in code that is patched vs. code that is not.

Also, unfortunately, NSN Groups is very old and the instructions are also quite out of date, so it is possible that you are making certain replacements that maybe you need to revise a bit.

If you are just starting out with your site, I would recommend switching to RavenNuke instead as we already have all of this integrated into it, up to the latest patches, and even more bug fixes and patched on top of that that the team finds. Just a thought... Wink

Posted: Wed Apr 23, 2008 12:41 pm

Montego, I'll try restoring with my backups.

My site started life at 6.8 and had been patched to 6.8.3.5. I then recently upgraded from there to 7.6.3.5a, so perhaps you're right; some of the NSN GR instructions had me going in the wrong direction or are incomplete. I did notice that there were significant differences in block-Modules.php as compared to the required edits.

I had tried RN 2.20.01 when it came out a month or so ago, but unfortunately some of the themes I use did not seem to work aesthetically. In particular, the position of my logo was off in Solaris and other themes, so I cut bait. Sad

Posted: Wed Apr 23, 2008 2:03 pm

Montego,

I've restored to 7.635a w/o NSN Groups and the problem remains, so now that I'm sure I'm off topic, I'll search elsewhere. OffTopic

Thanks,
PizzaFiend

Posted: Thu Apr 24, 2008 12:33 am

Because of what you would gain in both security and productivity, I would highly recommend going back to RN 2.20.01 spend your time and energy of tweaking your theme. We have not made any major changes that should affect your theme that much. And we have enough theme expertise on the support Team to help you Wink

Posted: Thu Apr 24, 2008 7:42 am

Raven,

That does sound like the best option at this point. You'll likely see more of my newbie posts in the RN Forums soon. Very Happy

Thanks,
PizzaFiend

Posted: Thu Apr 24, 2008 12:25 pm

Looking forward to it Wink

!