Keep Getting Access Denied w/ New Module.

#1   Keep Getting Access Denied w/ New Module.
suttercain
I just installed a module and when it shows up on the admin page I click it, it takes me to a page that reads "Access Denied". What the dilly yo? PS. It's the "access denied" from the end of this code (see below) that pops up. Thanks.
Shannon



<?php
if (!defined('ADMIN_FILE')) { die ("Access Denied"); }
$result = mysql_query("select rsuper from ".$prefix."_authors where aid='$aid'");
list($rsuper) = mysql_fetch_row($result);
if ($rsuper==1)
{
function dvdmod_main($title, $description) {
    global $prefix, $dbi, $multilingual;
    $title = stripslashes(FixQuotes($title));
    $description = stripslashes(FixQuotes($description));
    sql_query("update ".$prefix."_4ndvddb_main set title='$title', description='$description'", $dbi);
    Header("Location: admin.php?op=dvdreviews");
}
function dvdreviews() {
    global $prefix, $dbi, $multilingual;
    include ("header.php");
    GraphicAdmin();
    OpenTable();
    echo "<center><font class=\"title\"><b>"._4ndvdatitle."</b><br>"._4ndvd001."</font></center>";
    CloseTable();
    echo "<br>";
    $resultrm = sql_query("select title, description from ".$prefix."_4ndvddb_main", $dbi);
    list($title, $description) = sql_fetch_row($resultrm, $dbi);
    OpenTable();
    echo "<form action=\".php\" method=\"post\">"
        ."<center>"._4ndvd002."<br>"
        ."<input type=\"text\" name=\"title\" value=\"$title\" size=\"50\" maxlength=\"100\"><br><br>"
        .""._4ndvd003."<br>"
        ."<textarea name=\"description\" rows=\"15\" wrap=\"virtual\" cols=\"60\">$description</textarea><br><br>"
        ."<input type=\"hidden\" name=\"op\" value=\"dvdmod_main\">"
        ."<input type=\"submit\" value=\""._4ndvd004."\">"
        ."</form></center>";
    CloseTable();
    echo "<br>";
    OpenTable();
    echo "<center><font class=\"option\"><b>"._4ndvd005."</b></font><br>";
    $result = sql_query("select * from ".$prefix."_4ndvddb_add order by id", $dbi);
    $numrows = sql_num_rows($result, $dbi);
    if ($numrows>0) {
        while(list($id, $date, $title, $text, $reviewer, $email, $score, $url, $url_title, $rlanguage) = sql_fetch_row($result, $dbi)) {
            $title = stripslashes($title);
            $text = stripslashes($text);
            echo "<form action=\".php\" method=\"post\">"
                ."<hr noshade size=\"1\"><br><table border=\"0\" cellpadding=\"1\" cellspacing=\"2\">"
                ."<tr><td><b>"._4ndvd006.":</td><td><b>$id</b></td></tr>"
                ."<input type=\"hidden\" name=\"id\" value=\"$id\">"
                ."<tr><td>"._4ndvd007.":</td><td><input type=\"text\" name=\"date\" value=\"$date\" size=\"11\" maxlength=\"10\"></td></tr>"
                ."<tr><td>"._4ndvd008.":</td><td><input type=\"text\" name=\"title\" value=\"$title\" size=\"25\" maxlength=\"40\"></td></tr>";
            if ($multilingual == 1) {
                echo "<tr><td>"._4ndvd009.":</td><td>"
                    ."<select name=\"rlanguage\">";
                $handle=opendir('language');
                while ($file = readdir($handle)) {
                    if (preg_match("/^lang-(.+)\.php/", $file, $matches)) {
                        $langFound = $matches[1];
                        $languageslist .= "$langFound ";
                        }
                }
                closedir($handle);
                $languageslist = explode(" ", $languageslist);
                sort($languageslist);
                for ($i=0; $i < sizeof($languageslist); $i++) {
                    if($languageslist[$i]!="") {
                        echo "<option value=\"$languageslist[$i]\" ";
                        if($languageslist[$i]==$rlanguage) echo "selected";
                        echo ">".ucfirst($languageslist[$i])."</option>\n";
                    }
                }
                echo "</select></td></tr>";
            } else {
                echo "<input type=\"hidden\" name=\"rlanguage\" value=\"$language\">";
            }
            echo "<tr><td>"._4ndvd010.":</td><td><TEXTAREA name=\"text\" rows=\"6\" wrap=\"virtual\" cols=\"40\">$text</textarea></td></tr>"
                ."<tr><td>"._4ndvd011."</td><td><input type=\"text\" name=\"reviewer\" value=\"$reviewer\" size=\"41\" maxlength=\"40\"></td></tr>"
                ."<tr><td>"._4ndvd012.":</td><td><input type=\"text\" name=\"email\" value=\"$email\" size=\"41\" maxlength=\"80\"></td></tr>"
                ."<tr><td>"._4ndvd013."</td><td><input type=\"text\" name=\"score\" value=\"$score\" size=\"3\" maxlength=\"2\"></td></tr>";
            if ($url != "") {
                echo "<tr><td>"._4ndvd014.":</td><td><input type=\"text\" name=\"url\" value=\"$url\" size=\"25\" maxlength=\"100\"></td></tr>"
                    ."<tr><td>"._4ndvd015.":</td><td><input type=\"text\" name=\"url_title\" value=\"$url_title\" size=\"25\" maxlength=\"50\"></td></tr>";
            }
            echo "<tr><td>"._4ndvd016.":</td><td><input type=\"text\" name=\"cover\" size=\"25\" maxlength=\"100\"><br><i>"._4ndvd017."</i></td></tr></table>";
            echo "<input type=\"hidden\" name=\"op\" value=\"dvdadd_review\"><input type=\"submit\" value=\""._4ndvd018."\"> - [ <a href=\".php?op=deleteNotice&amp;id=$id&amp;table=".$prefix."_4ndvddb_add&amp;op_back=dvdreviews\">"._4ndvd019."</a> ]</form>";
        }
    } else {
            echo "<br><br><i>"._4ndvd020."</i><br><br>";
    }

// Set this to the directory name for this addon/module
$module_name = "4ndvddb";

    echo "<a href=\"modules.php?name=$module_name&rop=add_dvd\">"._4ndvd021."</a></center>";
    CloseTable();
    echo "<br>";
    OpenTable();
    echo "<center><font class=\"option\"><b>"._4ndvd022."</b></font><br><br>"
        .""._4ndvd023."</center>";
    CloseTable();
    echo "<br>";
# START - DO NOT REMOVE OR EDIT THE FOLLOWING COPYRIGHT LINES
    OpenTable();
    echo ""._4ndvddbversion."";
    CloseTable();
    echo "<br>";
    OpenTable();
    echo "<center>"._4ndvddbcopy."</center>";
    CloseTable();
# END - DO NOT REMOVE OR EDIT THE FOLLOWING COPYRIGHT LINES
    include ("footer.php");
}
function dvdadd_review($id, $date, $title, $text, $reviewer, $email, $score, $cover, $url, $url_title, $rlanguage) {
    global $prefix, $dbi;
    $title = stripslashes(FixQuotes($title));
    $text = stripslashes(FixQuotes($text));
    $reviewer = stripslashes(FixQuotes($reviewer));
    $email = stripslashes(FixQuotes($email));
    sql_query("insert into ".$prefix."_4ndvddb values (NULL, '$date', '$title', '$text', '$reviewer', '$email', '$score', '$cover', '$url', '$url_title', '1', '$rlanguage')", $dbi);
    sql_query("delete from ".$prefix."_4ndvddb_add WHERE id = $id", $dbi);
    Header("Location: admin.php?op=dvdreviews");
}
switch ($op){
    case "dvdreviews":
    dvdreviews();
    break;
    case "dvdadd_review":
    dvdadd_review($id, $date, $title, $text, $reviewer, $email, $score, $cover, $url, $url_title, $rlanguage);
    break;
    case "dvdmod_main":
    dvdmod_main($title, $description);
    break;
}
} else {
    echo "Access Denied";
}

?>



#2   re: Keep Getting Access Denied w/ New Module.
floppydrivez
What module?

Is it public and can we get a link to site?



#3   re: Keep Getting Access Denied w/ New Module.
floppydrivez
Just a thought: remove these lines. Not sure if that will work, so back it up. Just a crazy idea.

}
} else {
    echo "Access Denied";



#4   
pnclthnmstsh
Not a good idea and won't work anyway. Depending on the module, your admin file is going to be in ROOT/admin/modules/NAME OF YOUR MODULE or modules/YOUR MODULE/admin/index.php

Real close to the beginning of the file you'll see the checks to find out if you're an admin. That little section of script is probably going to be right after (that line may look different):

if (!eregi("admin.php", $_SERVER['SCRIPT_NAME'])) { die ("Access Denied"); }


That's the first check to make sure you're accessing the file in the proper way. The next line checks to see if you're an admin...replace it with this:

$result = $db->sql_query("select radminsuper from ".$prefix."_authors where aid='$aid'");
list($radminsuper) = $db->sql_fetchrow($result);
if ($radminsuper==1) {

This makes sure that only SUPER admins can access the file.

Like I said...the line you need to change varies from mod to mod but this will work to remove that error and keep you secure.



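The super-admin check from the last reply, worked through as an added example (not part of the thread or of the module's code). It assumes the authors table carries a radminsuper column, as in that reply, and no rsuper column; the in-memory SQLite table, the is_super_admin() helper and the sample rows are constructed for illustration. It shows the module's original rsuper lookup failing closed into "Access Denied", and binds $aid as a parameter rather than interpolating it into the SQL.

```php
<?php
// Added example. Constructed stand-in for the {prefix}_authors table, held in memory.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE nuke_authors (aid TEXT PRIMARY KEY, radminsuper INTEGER NOT NULL DEFAULT 0)");
$pdo->exec("INSERT INTO nuke_authors VALUES ('shannon', 1), ('editor', 0)"); // constructed rows

// Hypothetical helper: true only for a super admin. Every failure path denies.
function is_super_admin(PDO $pdo, string $prefix, string $column, string $aid): bool
{
    // Identifiers cannot be bound as parameters, so validate them before use.
    // 'rsuper' is allowed here only to reproduce the module's original query.
    if (!in_array($column, ['radminsuper', 'rsuper'], true)
        || !preg_match('/^[A-Za-z0-9]+$/', $prefix)) {
        return false;
    }
    try {
        $stmt = $pdo->prepare("SELECT $column FROM {$prefix}_authors WHERE aid = :aid");
        $stmt->execute([':aid' => $aid]); // $aid is bound, never spliced into the SQL
        $flag = $stmt->fetchColumn();     // false when no row matches
    } catch (PDOException $e) {
        return false;                     // query failed, e.g. the column does not exist
    }
    return $flag !== false && (int) $flag === 1;
}

// Constructed inputs: the module's column name, the name from the reply,
// a non-super admin, and an aid carrying SQL metacharacters.
$cases = [
    ['rsuper',      'shannon'],
    ['radminsuper', 'shannon'],
    ['radminsuper', 'editor'],
    ['radminsuper', "x' OR '1'='1"],
];
foreach ($cases as [$column, $aid]) {
    $verdict = is_super_admin($pdo, 'nuke', $column, $aid) ? 'allowed' : 'Access Denied';
    printf("%-12s %-16s %s\n", $column, $aid, $verdict);
}
```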