problem with isadmin

[slybaby]

I do a simple check:

Code: Select all

require_once "src/phpfreechat.class.php";
$params['serverid'] = md5(__FILE__);

if( isset($_GET['x']) && $_GET['x']=='y' ){
    $params["nick"] = 'admin' . rand(1, 10);
    $params["isadmin"] = true;
}else{
    $params["nick"] = 'guest' . rand(1, 100);
    $params["isadmin"] = false;
}

$chat = new phpFreeChat($params);

the 'nick' is set correctly, but the 'isadmin' is not.

if the admin is the first in the chat (by way of ?x=y), he and everybody else that come later (guests - directly on index.php) are made admins.

if a guest is first in the chat (directly on index.php), he and everybody else (including admins - index.php?x=y) have isadmin=false and are not admins.

after each test, i deleted the cookies from browsers (from different machines), closed the browsers, and deleted the cache from server (/private/chache, chat, logs; /public/themes/).

it seems that isadmin is a chat property and set up on first visit, not a visitor property and not set up on case by case.

is this a bug, or am i doing something wrong?

so, i want to set up 'isadmin' based on some conditions, and i do not want to use 'admins' and /identify.

can anyone help me?
thank you in advance.

and btw, this is an awesome project.

[OldWolf]

I think admin is setup as a session... untill you close the browser you will retain admin.

Incidentally, that's an extremely insecure way of granting admin.

[slybaby]

thanks for replying.

first, that is not the way of getting admin, is just for testing purposes, to simply set 'isadmin' conditionally.

i tried setting the SESSION.

here is the whole index.php, the only file from the distribution (last one as of now, phpfreechat-1.0-final.zip) that is changed.

Code: Select all

<?php
session_start();
$_SESSION = array();//with or without this line is the same

require_once dirname(__FILE__)."/src/phpfreechat.class.php";
$params = array();
$params['serverid'] = md5(__FILE__);

if(isset($_GET['x']) && $_GET['x']=='y'){
   $_SESSION['nick'] = 'admin'. rand(1,100);
   $_SESSION['isadmin'] = true;
}else{
   $_SESSION['nick'] = 'guest'. rand(1,100);
   $_SESSION['isadmin'] = false;
}

$params['isadmin'] = $_SESSION['isadmin'];
$params['nick'] = $_SESSION['nick'];

$chat = new phpFreeChat($params);

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Chat</title>
</head>

<body>
    <?php $chat->printChat(); ?>
</body>
</html>

at each reset, i go to another url in both browsers, delete the cookies from browsers, delete de sessions from server, delete /private-cache,chat,logs and /public-themes

browsers used: firefox and opera, last versions, on xp. server xp php5.
entered from different machines, server, different machine (in total 3 machines used, i'm running out of hardware)

when connected as admin (first in chat came via index.php?x=y) '/debug globalconfig' shows 'isadmin'=true on both users, and '/debug userconfig' has 'nick', 'channels', 'privmsg', 'active', 'timeout', 'serverid' = '', false or NULL and
'nickid' is unique for each user.

if first one arrived via index.php (no GET), 'nick' is set up correctly, but 'isadmin' is false for everyone.

Later edit:
i saw OldWolf's suggestion on another topic and added this below the chat

Code: Select all

<?php
echo '<h2>Debug</h2>';
echo '<pre>';
$c =& pfcGlobalConfig::Instance();
echo '<h3>pfcGlobalConfig::Instance</h3>';
print_r($c);
$u =& pfcUserConfig::Instance();
echo '<h3>pfcUserConfig::Instance</h3>';
print_r($u);
echo '<h3>$_SERVER</h3>';
print_r($_SERVER);
echo '<h3>$_SESSION</h3>';
print_r($_SESSION);
echo '</pre>';
?>

first entered via index.php?x=y, second via index.php

$_SESSION: 'nick' and 'isadmin' set up correctly
pfcuserconfig_xxxx_nick|active|channels|privmsg (set by chat) empty or empty array.

pfcUserConfig:Instance: same as '/debug userconfig': all empty except 'nickid'

pfcGlobalConfig:Instance: set up correctly for both: 'nick'=admin49 and 'isadmin'=1 for first, 'nick'=guest7 and 'isadmin'=0 for second.

and here comes trouble:
'/debug globalconfig':
at both, isadmin=true
at both nick=adminXX, XX changes every time '/debug globalconfig' is executed and is different for each user (rand(1,100)).

LATER EDIT 2:
and i tried another thing:
exited both users (disconnect from chat, went to another url, delete cookie, close browser)
NOT deleted the cache (server left untouched)

entered first user via index.php (no GET) - nick guest92, and is admin
(looked in temp folder, new session created, not using an old one)

pfcGlobalConfig:Instance and SESSION - 'nick'=guest92, 'isadmin' = empty

'/debug globalconfig' - nick=admin73, isadmin=true
another '/debug globalconfig' - nick=admin94, isadmin=true

i didn't entered with the second user via x=y, seemed pointless.

i really am loosing my mind here, please help me out, it's the 4'th day i lost with this 'isadmin'

it seems to me there is a problem in javascript, somewhere is set up the 'isadmin' from client?
'/debug globalconfig' recreates pfcGlobalConfig each time is executed?

[slybaby]

i found the 'problem'.

it was 'server_script_path' witch has any GET request in it, and is a chached parameter.
i resolved it by checking admin rights in another directory, set a session variable, redirect in main chat, and in index.php check the session variable and set the parameters accordingly.

i still find it odd that '/debug globalconfig' sets up a new nick every time is executed (it acts like a rehash ? ).
i set up $params['nick'] = $_SESSION['nickname'] . rand(1,10); for testing purposes; got logged in with mynick8, for example, and every time i do '/debug globalconfig', it shows me 'pfcGlobalConfig..... nick => mynickX ...', with X different each time.

anyway, this is a great script, and i'm looking forward for its future versions.

[OldWolf]

I'm sorry, I should have thought of your server script path (I've delt with that value a lot lately)... it just never occured to me the system would try to store the admin value on the path, but of course it was, that's the purpose of that path. :/

Glad you worked it out though.

[softwareNerd]

We're seeing a similar issue on our forum. After reading this thread, I still don't understand the cause. What is being cached? Is it all the params? some of the params? something else?

Does this mean that one must have one "main" script that users run when they enter chat, which will set the param['isadmin'], and then a different script that they will hit via the AJAX calls?

Any help would be appreciated.