| Author |
Message |
steak
New Member
Joined: Sep 18, 2006
Posts: 3
|
 Posted:
Sun Dec 31, 2006 10:04 am |
|
Notice: Undefined offset: 1 in /home/ravennuk/public_html/modules/Your_Account/index.php on line 934
when clicking Logout without being signed in |
| |
|
|
|
fkelly
Former Moderator in Good Standing
Joined: Aug 30, 2005
Posts: 3312
Location: near Albany NY
|
| Posted:
Sun Dec 31, 2006 1:44 pm |
|
I take it this is when using the logout from the top "bar" in the fisubice theme? Normally you don't get a chance to logout if you aren't logged in but I think leaving it exposed and essentially hardcoded on the theme header is what's causing this. I just wanted to confirm that this is how it happened because I wasn't able to simulate it using other themes on my test site.
I can see where the problem occurs in your account, it tries to decode a cookie for a user and there is none. However, the weighty question for Raven is whether it would be better to capture this at the theme level and prevent it from ever getting to your account. |
| |
|
|
|
steak
|
| Posted:
Sun Dec 31, 2006 1:49 pm |
|
Yes that's exactly right, it was the top bar in fisubice. Sorry for not clarifying that in the first place. |
| |
|
|
|
|
fkelly
|
| Posted:
Sun Dec 31, 2006 2:10 pm |
|
No problem, if I had to guess Raven will just choose to remove the logout button if $username = anonymous. Part of the top bar already sets precedent for that by only showing the admin menu if the user is an admin. And there is already logic for testing whether the $username = anonymous so it's a straight shot.
Good catch. |
| |
|
|
|
|
fkelly
|
| Posted:
Sun Dec 31, 2006 2:23 pm |
|
Sometimes I think it might help to post something about this testing process so that all can appreciate what it takes Raven and his team to get to 2.10. After the above I started to go thru the other themes to see if any others had hard coded logout buttons on the top line. Well the problem only occurs as anonymous. And uou can't be on as anonymous and flip thru the themes because you have to go to your account to do so and you don't have an account. So I had to be logged on in another window as admin and keep changing the default theme for the test site in preferences so the anonymous in the other window would be able to try the different themes. Got to 3d Fantasy and there was a notice error with anonymous that we'd never noticed. Fixed that after a couple tries and went to change preferences to the next theme. Well somehow I logged out of the admin session on my admin window and went to click on admin in the other window and got myself banned by sentinel from my own site. So now that's where it stands. Recovering from it is not big deal due to phpmyadmin and knowing where the banned ips go but if anyone is wondering why it takes so long to get a release out ... |
| |
|
|
|
|
gotcha
Regular
Joined: Mar 14, 2005
Posts: 91
|
| Posted:
Sun Dec 31, 2006 2:46 pm |
|
Just a thought, but shouldn't the logout routine contain something like this...
cause even if the link isn't there doesn't mean it won't get accessed....
Code:
if (!is_user($user))
{
header('Location: index.php');
}
|
|
| |
|
|
|
|
fkelly
|
| Posted:
Sun Dec 31, 2006 3:04 pm |
|
Not sure what you mean gotcha. If there is no link to your account for logging out on the theme how would they access it? It's always my belief that the most user-friendly approach is to catch these things before they happen. If someone is anonymous and they are visiting the site then they have no option to log out so you shouldn't present it to them. That sure beats giving them the link and letting them try it and then programming some clever "nah nah, you can't do that stupid, you are anonymous". |
| |
|
|
|
|
Guardian2003
Site Admin
Joined: Aug 28, 2003
Posts: 6799
Location: Ha Noi, Viet Nam
|
| Posted:
Sun Dec 31, 2006 9:03 pm |
|
I see where you are going with that gotcha - if the user is anonymous and they try to cheat by typing the url directly in the browser it would take them back to index rather than trying to process the log-out function - even though it fail any way. |
| |
|
|
|
fkelly
|
| Posted:
Mon Jan 01, 2007 8:20 am |
|
Well, yes, I suppose if a user is crazy enough to go up to the address bar and type: "http://yoursite.com/html/modules.php?name=your_account&op=logout" they could generate an error. And I suppose your_account should be programmed to protect against this.
Still I think the more important point is that the logout option shouldn't be shown in the header of a theme for someone who is not logged in. That's inviting them to make a mistake. If I only had time to correct one of the two "errors" I'd correct the second one first -- and am working on it. |
| |
|
|
|
|
Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 17088
|
| Posted:
Mon Jan 01, 2007 12:41 pm |
|
I modified the routine in Your_Account/index.php. See if that gets rid of the Notice. |
| |
|
|
|
|
fkelly
|
| Posted:
Mon Jan 01, 2007 1:16 pm |
|
Well first time I tried it, it didn't work. But of course that was because I hadn't downloaded the change nor uploaded it to my site. Now it works  |
| |
|
|
|
|
Raven
|
| Posted:
Mon Jan 01, 2007 3:02 pm |
|
gotcha,
I'll probably incorporate your routine or a slight variation. Thanks! |
| |
|
|
|
|
|
|
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
