Skip to Content Skip to Menu

[#3201] Not Authorized when editing in backend

  • krileon
  • krileon
  • ONLINE
  • Posts: 48541
  • Thanks: 8290
  • Karma: 1445
12 years 7 months ago #198041 by krileon
Replied by krileon on topic Re: Not Authorized when editing in backend
That's not necessarily a bug. It results in GID being missing so it's always going to cause authorization checks to fail. The params field always needs to be available, but it doesn't have to be visible (see CB > Configuration > User Profile).

Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.

Please Log in or Create an account to join the conversation.

  • ndee
  • ndee
  • OFFLINE
  • Posts: 25
  • Thanks: 5
  • Karma: 19
12 years 7 months ago #198146 by ndee
Replied by ndee on topic Re: Not Authorized when editing in backend
What do you mean by GID? As mentioned in the bug report, if params field is missing then there are no "approved" and "confirmed" vars submitted with the form and the security check on line 117 of administrator/components/com_comprofiler/controller/controller.user.php fails.

For me, if I can "configure" a software to break somehow it is a bug and this is the case. If the params field is moved to a tab wich is not published CB does not work anymore in backend. Your opinion may differ.
###################
SPEED UP HELP, read first: Help us help you
###################

Please Log in or Create an account to join the conversation.

  • nant
  • nant
  • OFFLINE
  • Posts: 12339
  • Thanks: 1467
  • Karma: 877
12 years 7 months ago #198159 by nant
Replied by nant on topic Re: Not Authorized when editing in backend

ndee wrote: What do you mean by GID? As mentioned in the bug report, if params field is missing then there are no "approved" and "confirmed" vars submitted with the form and the security check on line 117 of administrator/components/com_comprofiler/controller/controller.user.php fails.

For me, if I can "configure" a software to break somehow it is a bug and this is the case. If the params field is moved to a tab wich is not published CB does not work anymore in backend. Your opinion may differ.


I agree that there is way too much flexibility and users can mess things up by not doing things properly.

As Kyle said:

The params field always needs to be available, but it doesn't have to be visible (see CB > Configuration > User Profile).

--
Nick (nant)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Tutorials + Search the forums
For more add-ons and support: Upgrade your membership
Links: Community Builder - Languages - Adv/Pro/Dev membership - CBSubs Paid Subscriptions - GPL Templates - Hosting

Visit my CB Profile - Send me a Private Message (PM)

Please Log in or Create an account to join the conversation.

  • ndee
  • ndee
  • OFFLINE
  • Posts: 25
  • Thanks: 5
  • Karma: 19
12 years 7 months ago #198164 by ndee
Replied by ndee on topic Re: Not Authorized when editing in backend

nant wrote: As Kyle said:

The params field always needs to be available, but it doesn't have to be visible (see CB > Configuration > User Profile).


Ok, which option? "Fields Validation"? If set to no, it does not solve the problem. The other options do not seem related? Please be clear which option set to what.

I can just say it a third time. If the params field is on an unpublished tab the security check fails because the $_POST data vars "approved" and "confirmed" are missing.
###################
SPEED UP HELP, read first: Help us help you
###################

Please Log in or Create an account to join the conversation.

  • krileon
  • krileon
  • ONLINE
  • Posts: 48541
  • Thanks: 8290
  • Karma: 1445
12 years 7 months ago #198186 by krileon
Replied by krileon on topic Re: Not Authorized when editing in backend

Ok, which option? "Fields Validation"? If set to no, it does not solve the problem. The other options do not seem related? Please be clear which option set to what.

Set "Allow user to edit his CMS parameters in frontend" to "No" and it won't show those fields anymore on frontend.

I can just say it a third time. If the params field is on an unpublished tab the security check fails because the $_POST data vars "approved" and "confirmed" are missing.

It's not supposed to be on an unpublished tab. It must always be present. It contains hidden fields that are set by the Params field that are vital to a users storage such as approval, confirmation, and GID(s).

Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.

Please Log in or Create an account to join the conversation.

  • ndee
  • ndee
  • OFFLINE
  • Posts: 25
  • Thanks: 5
  • Karma: 19
12 years 7 months ago - 12 years 7 months ago #198280 by ndee
Replied by ndee on topic Re: Not Authorized when editing in backend
Ok, now I understand. We are talking about different things. I was talking about the BACKEND. Even Super Administrator can't edit/save users or even his own profile in backend if the params field is on unpublished.

It might help if you just take a look at the mentioned source code. Therefore I suggested that the approved and confirmed params get by default included into backend edit. But maybe there is a better solution.

But I take it as it is. I can't waste more time making my point if you are unwilling to see the problem or even try to reproduce my error. This bug already took too much time and frustration. Take it or leave it.
###################
SPEED UP HELP, read first: Help us help you
###################
Last edit: 12 years 7 months ago by ndee.

Please Log in or Create an account to join the conversation.

Moderators: beatnantkrileon
Powered by Kunena Forum