Could not obtain moderator status

Posted: Sun May 31, 2009 8:37 pm

Hello guys

I found this error on Admin Control Panel in Forums when I give permissions

Code:

Could not obtain moderator status





DEBUG MODE





SQL Error : 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ') AND aa.group_id = ug.group_id AND aa.auth_mod = 1 GROUP BY ug.user_' at line 3





SELECT ug.user_id, COUNT(auth_mod) AS is_auth_mod FROM nuke_bbauth_access aa, nuke_bbuser_group ug WHERE ug.user_id IN () AND aa.group_id = ug.group_id AND aa.auth_mod = 1 GROUP BY ug.user_id





Line : 561


File : admin_ug_auth.php

I wonder why this is not solve with this new version of RavenNuke.

Solutions:

Code:

<?php  


//*****  check users and user groups ****//


if (!eregi("modules.php", $PHP_SELF)) {


    die ("You can't access this file directly...");


}


if ($popup != "1"){


    $module_name = basename(dirname(__FILE__));


    require("modules/".$module_name."/nukebb.php");


}


else


{


    $phpbb_root_path = 'modules/Forums/';


}





define('IN_PHPBB', true);


include($phpbb_root_path . 'extension.inc');


include($phpbb_root_path . 'common.'.$phpEx);


include('includes/functions_search.'.$phpEx);





// Start session management


$userdata = session_pagestart($user_ip, PAGE_SEARCH, $nukeuser);


init_userprefs($userdata);


// End session management





$sql = "SELECT user_id, username


    FROM " . USERS_TABLE ."


    WHERE user_id > 0";


if ( !($result = $db->sql_query($sql)) )


{


    message_die(GENERAL_ERROR, 'Could not obtain user list', '', __LINE__, __FILE__, $sql);


}





$liste ='';


while ( $row = $db->sql_fetchrow($result) )


{  


   $username = $row['username'];


   $user_id = $row['user_id'];


   $usergroup = '';


     


   $sql1 = "SELECT ug.group_id  


          FROM " . USER_GROUP_TABLE ." ug, ". GROUPS_TABLE. " g


          WHERE ug.user_id = $user_id


            AND ug.group_id = g.group_id


            AND g.group_single_user  = 1


            ";


               


   if ( ($result1 = $db->sql_query($sql1)) )


   {


       $row1 = $db->sql_fetchrow($result1);


          $usergroup =( ( $row1['group_id'] != '' ) ? $row1['group_id'] : 'User has no user group'.$row1 );


           


   }





          if (!($row1['group_id'] != ''))


          {


               


         $sql2 = "SELECT MAX(group_id) AS total


            FROM " . GROUPS_TABLE;  


         if ( !($result2 = $db->sql_query($sql2)) )


         {


            message_die(GENERAL_ERROR, 'Could not obtain next group_id information', '', __LINE__, __FILE__, $sq2l);


         }





         if ( !($row2 = $db->sql_fetchrow($result2)) )


         {  


            message_die(GENERAL_ERROR, 'Could not obtain next group_id information', '', __LINE__, __FILE__, $sql2);


         }  


         $group_id = $row2['total'] + 1;


           


           


         $sql3 = "INSERT INTO " . GROUPS_TABLE . " (group_id, group_name, group_description, group_single_user, group_moderator)


            VALUES ($group_id, '', 'Personal User', 1, 0)";


         if ( !($result3 = $db->sql_query($sql3, BEGIN_TRANSACTION)) )


         {  


            message_die(GENERAL_ERROR, 'Could not insert data into groups table', '', __LINE__, __FILE__, $sql3);


         }





         $sql4 = "INSERT INTO " . USER_GROUP_TABLE . " (user_id, group_id, user_pending)


            VALUES ($user_id, $group_id, 0)";


         if( !($result4 = $db->sql_query($sql4, END_TRANSACTION)) )


         {


            message_die(GENERAL_ERROR, 'Could not insert data into user_group table', '', __LINE__, __FILE__, $sql4);


         }





               


             $usergroup = $usergroup.', adding user group '.$group_id;


          }








   $liste .= ( ( $liste != '' ) ? '<br> ' : '' ) . $username.' <b>'.$usergroup.'</b>';


}





message_die(GENERAL_MESSAGE,'Users:<br>'.$liste);





?>

Copy and Paste The whole code and create a new file with a decent editor and name it fixgroup.php.

Upload it to Forums folder and run it like this

http://your_site.com/modules.php?name=Forums&file=fixgroup

Dont delete the file just rename it with something different and let it there because if you delete it everytime u wanna give other permissions it will appear the same error. I dont know why it happens this but I did it and it creates the same error with last version of Raven Nuke 2.30.01

P.S What I dont understand if RN is concerned about Security why not updated the last version, fix it and upload it again.? Rolling Eyes

Involved Joined: Jul 03, 2006 Posts: 273

You may want to look at this post:

Only registered users can see links on this board! Get registered or login!

It does exactly the same thing as what you are posting about but it also checks your BBgroups and NSN groups are properly synced too. Then it also checks for Duplicate groups and orphaned users and allows and gets rid of them for you. Comes with an interface for choosing what to do to pending users as well as what to set permissions to for Blocks Modules and Downloads should a group be removed. It works pretty well during my testing but I'd love to hear feed back if anyone discovers issues.

Posted: Mon Jun 01, 2009 12:48 am

Thanks for that link. I did search but I didnt notice of this post.lol

Hey duck

I run the script right now and I noticed there are some options like

Set block to ---admin
Set Modules To -------admin

and more

What should I do with that.? Can u please give more details?

Posted: Mon Jun 01, 2009 4:01 am

Well when the Script runs if it finds orphaned NSN groups or groups of the same name it will delete the extra groups from the tables. Problem is you may have assigned those groups to Modules view or blocks view or Downloads Categories view so what it does is goes in and checks and if the orphan group exists in one of those tables it removes them.

If there is more than one group it does nothing but modify those tables recompiled with the remaining groups but if there was only one group (the one that was deleted) then it changes the view based on your choice to either Admin (recommended) or Registered users or All Visitors.

Later you can through and just double check if you like that your modules and blocks and downloads are set to what you want. Most of the time they likely wont change its just when that odd one group was deleted that was orphaned or duplicate.

But it will report to you at the end all the changes it made so you Can double check.

Oh and about the Pending Users. Because Phpbb allows for signup some users may still be pending approval of groups so they are dealt with first. You can either choose to Approve them all automatically or Delete them all automatically. NSN doesn't use pending at this time so its just for the BBgroup users. If you choose aprove then they are added and synced with NSN if you choose delete well .. that's obvious. I would recommend delete and just have users reapply later myself but the choice is yours.

Maybe if I have time coming up I'll improve the Script more. Clean it up add a log system and and more step through choices for approving pending and dealing with the other modules,blocks stuff. But for now it does a quick and dirty trick.

P.S. Don't forget to back up all the tables mentioned just in case! While I did several test this way and that and found no errors it is entirely possible I missed something but be safe and back up in case. I ran this on one of my live sites though which the groups were so messed up in and I was impressed with how many things it fixed. As far as I could tell it worked great. All my permissions are better now and everything.

Posted: Mon Jun 01, 2009 9:33 am

Thanks a lot duck! I appriciate you take care of this issue. Let me know when u make an update. This problem is so old and it is coming all the time. I am sick and tired of forums errors but I love to fix them. lol

registered · Site Admin Joined: Jun 04, 2004 Posts: 6437

sexycoder, when you searched, did you find other reports of this problem? If not, why would you assume that it should have been fixed in the latest release of RavenNuke?

Also, I'm not sure how a problem with groups relates to being concerned with security. Can you explain what you meant by that?

Posted: Mon Jun 01, 2009 6:11 pm

Quote:

when you searched, did you find other reports of this problem?

Yeah I found it but I wasnt happy with that. I wanted a better explanation why this error is still coming all the time. I asked that because I noticed in this version of RavenNuke 2.30.01(last version) problem persist. There are lots of exploits which call part of the forums but who knows. hackers have eagle eyes.

I runned this fix but I didnt delete it. I just renamed it again because u will need it again. I would like that Raven and all the theme take a look on this.

For example I found this error on many forums but Raven already fixed this one.

Code:

Error in obtaining userdata





DEBUG MODE





SQL Error : 1054 Unknown column 'user_login_tries' in 'field list'





SELECT user_id, username, user_password, user_active, user_level, user_login_tries, user_last_login_try FROM nuke_users WHERE username = 'sexycoder'





Line : 85


File : login.php

When u login on this u login just in the forum but your membership block stay offline. Is there any fix or solution you login on the forum and the same time u login on the membership block?

Another issue

I read some posts here where they talk about NOT TO INCLUDE MANY MODULES ON RAVEN DISTRO.

Why not?

Why not fix and secure those modules in order to have more extra posibilities on nuke. Do you think people will just stay with the same distro without adding anything?

I vote to make Raven Xtreme and the modules apart to install them or not optional but make it compatible with Raven. How many modules are there without secutity wholes. Old dbi and of course html instead of XHTML which Raven use. We could be asking all the time how to convert a module and all the time asking and asking.

For example themes and design are ugly. in my opinion I dont like it. Why not implement some new tecnology. Highligh. lightbox in some Flash Gallery Video modules. Make them more easy and beautiful so people who abandon phpnuke come again.

As for themes I can tell you something.

Lots of designer dont take into account Dark themes are BORING and in my opinion I can not stay more than one minute in a site like that. There are so many things on nuke that should change to bring those people who abandon it.

I do want to participate if there is another updagrade or new version but I have so many ideas to make a perfect nuke. Rolling Eyes

Posted: Mon Jun 01, 2009 8:37 pm

Yeah, this sounds like a similar discussion we had with your predecessors: hicux and robertosunaki. Let's hope this doesn't end up like those discussions and stays focused on making a better CMS.

Maybe you can explain what you found because I'm still not clear what problem causes the need for the fixgroup script. That's probably because I don't focus on the forums much, but it would certainly help everyone to have a clear understanding of the issue. We typically fix all known issues in each release, so if this is really an issue with RN, let's shine the light on this to squash it before the next release.

As for the login issue, I am not aware of this issue with RN, but if it can be recreated, it will be fixed.

As for including every available module with RavenNuke, we have focused on making the core strong and adding enhancements as we can. We do add modules, but won't add every available module and theme unless there is demand for that - and resources to make sure it's secure, compliant, etc. That certainly doesn't mean available modules won't work with RavenNuke. And no one (at least no one on the development team) believes that RN (or any distribution, for that matter) will have everything everyone wants. The "Xtreme" dream is a pipe dream because people always want something more and different, and maintaining a distribution that has everything but the kitchen sink just isn't practical (for example, look at the many who've tried).

That said, we are certainly open to adding themes and testing addons to work with RN. Nuken developed enhancements to have lightbox functionality easily with RN. Over time, and where it makes sense, we may include them as extras, integrate them with the core functionality, or simply agree that they work (or not) with RN, but aren't desired by most users.

Feel free to suggest or contribute themes, addons, or ideas to help improve RavenNuke - we are definitely listening to positive suggestions, constructive criticism and - we can always use and welcome whatever positive help anyone can contribute. Working with this great team, I've learned to see different perspectives - some of my ideas were accepted and others were either improved or replaced by better ideas. That's the benefit of the approach we use to improve RavenNuke. Everyone contributes improvements in whatever ways they can - designing, developing, testing, documenting, supporting...

Posted: Tue Jun 02, 2009 2:12 am

sexycoder - I just have one question.
The error you mention regarding the missing field column user_login_tries I have just done three fresh installations, and am not able to reproduce this error.
Can you please confirm if you are getting this error on a clean install or are you upgrading to RavenNuke (tm) from some other distribution?
If I remember correctly, this field was added as part of a phpBB bug fix almost two years ago around version 2.0.19

I have also just checked the sql file for the installer and the field is clearly there

Code:

`user_login_tries` smallint(5)]

Site Admin/Owner Joined: Aug 27, 2002 Posts: 17088

sexycoder wrote:

I vote to make Raven Xtreme and the modules apart to install them or not optional but make it compatible with Raven.

What does this mean? What are you trying to say?

Posted: Tue Jun 02, 2009 9:03 pm

Guardian2003. Sorry if we misunderstood. I just put an example that RN already fixed this problem. Mean if you login ONLY in the forum then you dont get this problem but before we got it. Another thing I notice is when I loging from the forum is different from Membership Block, mean you are not able to login normally like we use to do on the right or left membership block.

Hi Raven.

What I tried to say is I would like to see Raven Nuke Xtreme with more optional stuff.

For example.

Why do we need 4 modules for differnts things instead of 1 module with photos, videos and music. I mean with this not get rid of things we think we compromise the secutity of Raven. It is like if something is not working or has secutity wholes then we put them in the garbage. Why not fix them and make it more easy and implemented on RN with the same secutity like other modules. Why not make one theme and the options to just change the colors from the background, headers, right and left side. Every time we need to mod the forum we need to mod the theme. It is always a boring work and not efficient.

I request to make almost all the important mods to the forums with different colors or design but nothing to do with themes. Themes will adjust to that forum so we dont need to make any modification or any mistake.

Do you know how many people mod forums making any distro more insecure. There are many mods we actually dont need and they are unnecessary but there are lots of them very importand for educational thing. I dont want to complaint about the core from RN. I checked almost all the code. U treated it so good. U went deep but not so much with the forum.

I will make a list what I would like to see in Raven Nuke. The most important stuff. Maybe you wont like my request but who knows. I do know this will bring back most of users who went away from Nuke but I also would like Raven Xtreme in a place where people pay a little contribution for the work and the treatment.

Yesterday I see a mod called Youtube highlight attachment. I loved it. Things like that could be nice. Of course, before doing this we should make them very secure. If it is possible with other modules and addons. Why not to others.

I have more ideas but they will come.

As for secutity I just want to make a point. If hackers want they got it. They always can take you down. Believe me. They are so many stuff out there. That is why servers should be ready and alert to make a buckup from the whole site and database as a secutity. Then if something happens they can put your site back in minutes. Users shouldnt do any buckup. They can always take his own buckup and make theme work again.

registered · Posted: Tue Jun 02, 2009 9:37 pm

I always felt like mods and modules should be maintained and supported by the developer and community. One reason I like RavenNuke is that it is not loaded down with a bunch of stuff I won't use. A solid core with basic features is sufficient IMO. It seems that when a CMS tries to do too much and offer every thing and the kitchen sink, quality takes a back seat to quantity. Also developers tend to get burnt out when they overextend themselves.

Posted: Tue Jun 02, 2009 11:20 pm

sexycoder, This is not Raven Nuke Extreme. We are not associated with that in any way. Our product is RavenNuke(tm).

Posted: Tue Jun 02, 2009 11:24 pm

nuken wrote:

I always felt like mods and modules should be maintained and supported by the developer and community. One reason I like RavenNuke is that it is not loaded down with a bunch of stuff I won't use. A solid core with basic features is sufficient IMO. It seems that when a CMS tries to do too much and offer every thing and the kitchen sink, quality takes a back seat to quantity. Also developers tend to get burnt out when they overextend themselves.

Amen to that Wink

! We are trying to get to the point where we offer a core set of functionality and then help support the Community while they develop mods/blocks/etc. With the forthcoming v2.40.00 release we will be building on that roadmap. My goal is that by v2.50.00 we will no longer (necessarily) be adding addons but will be focused and concentrating on solidifying the infrastructure.

Posted: Wed Jun 03, 2009 2:00 am

Quote:

Guardian2003. if you login ONLY in the forum then you dont get this problem but before we got it.

You should not be able to log-in using the forum side as that has been disabled and should automatically redirect you to Your Account. If you are using an old theme, the forum log-in button might still be there but it shouldn't work.

Quote:

Another thing I notice is when I loging from the forum is different from Membership Block, mean you are not able to login normally like we use to do on the right or left membership block.

I'm not entirely sure what you mean by "right or left membership block". There is only one membership block in RavenNuke (tm) and as I mentioned earlier, logging in via the forums is disabled and users should only be able to log-in through the Your Account module.

Quote:

What I tried to say is I would like to see Raven Nuke Xtreme with more optional stuff.

We are not associated with Xtreme and if anyone else is using the name Raven Nuke Extreme they are probably in breach of trademark. But I think what you are actually trying to say is that you would like to see an "Xtreme" version of RavenNuke (tm) which has lots of extra's ???
Unfortunately, that is not something that is going to happen. We are dead set against creating a bloated distribution. Most users do not even use half of the features that are already available so it makes no sense at all to add a lot more.

Most themes and modules will work perfectly well with RavenNuke (tm) but there are some exceptions;
1 Modules that use the $dbi abstraction layer won't work. Module developers have had over 4 years to switch to the $db method (check the warning in mainfile.php on any phpNuke distro from v6.9 onwards).

2 Themes pre phpNuke 7.7 (about) that still use the banners code instead of Advertising module code

There are some very detailed topics on this site how to fix these incompatibility issues but most are as a direct result of developers simply re-hashing old code instead of moving with the times, making their code more secure, more efficient or simply not fully understanding what the code actually does.

Posted: Wed Jun 03, 2009 3:59 am

Thanks for your explanation Guardian. Yeah I would like to see a Xtreme version with lots of extra like mods, addons. U know the most impostant things for educational purpose. There are still lots of people who dont know how to register on a site or even post correctly.