New ProjectSelector breaks login form


Jan 25, 2007
Jan 25, 2007 / ganesh
Jan 5, 2009 / phsouzacruz

Attached files

No files uploaded
Recent changes introduced the project selector feature and in particular this line of code:

from render/render_page.inc.php, line 230

 'html'=> "<span id=projectselector>&nbsp;</span>" . buildProjectSelector(),

Unfortunately, function buildProjectSelector() needs a correct value in $auth to produce the list of "my projects". We don't have such thing while displaying the login form (and possibly also for anonymous users).

also see:

Issue report

Have not tried
  1. get a fresh install of v0.0783 (svn trunk revision 265)
  2. login form breaks with a database error. Error.php contains the forllowing info:
   v0.0783, loginForm, from,  uri:/streber/index.php

ERROR:        db/db.inc.php :  38 Database exception. Please read <a href=http://streber.pixtur.de/index.php?go=taskView&tsk=1272'> next steps on database errors.</a>
                db/db.inc.php : 250 -> MysqlException::__construct("Querry=SELECT DISTINCT i.*, p.")
     db/class_project.inc.php :1025 -> DB_MysqlStatement::execute("", int1)
     db/class_project.inc.php :1133 -> Project::queryFromDb("SELECT DISTINCT i.*, p.* from ")
   render/render_misc.inc.php : 349 -> Project::getAll([0])
   render/render_page.inc.php : 230 -> buildProjectSelector()
          pages/login.inc.php :  75 -> Page::__construct([1])
std/class_pagehandler.inc.php : 719 -> loginForm()
                    index.php : 247 -> PageHandler::show("loginForm")

     Variables in __construct():
                      message = Querry=SELECT DISTINCT i.*, p.* from project p, projectperson upp, company c, item i^M
                        upp.person = ^M
                    AND upp.state = 1^M
                    AND upp.project = p.id^M
                    AND   p.status <= 3^M
                    AND   p.status >= 0^M
                    AND   p.state = 1^M
                    AND   i.id = p.id^M
                                   AND (p.company = c.id OR p.company = 0)^M
                ORDER BY prio, name

                         code = NULL
                      sql_obj = OBJECT
                  mysql_error = You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'AND upp.state = 1^M
                    AND upp.project = p.id^M
             ' at line 4
Login form should display correctly
Show projectSelector only for logged users.


binder:we changed the

12 years ago (3. update 12 years ago)

don't know, if burger already commited it, but we changed with a quick hack:

the >'< bei upp.person = '{$auth->cur_user->id}': have been added

from class_project.inc.php line 1099

                "SELECT DISTINCT i.*, p.* from {$prefix}project p, {$prefix}projectperson upp, {$prefix}company c, {$prefix}item i
                        upp.person = '{$auth->cur_user->id}'
                    AND upp.state = 1

                    AND upp.project = p.id

                    AND   p.status <= ". intval($status_max) ."
                    AND   p.status >= ". intval($status_min) ."
                    AND   p.state = 1
                    AND   i.id = p.id
					AND (p.company = c.id OR p.company = 0)
                ". getOrderByString($order_by) ;
But of course, best should be to fill the variable $auth->cur_user->id with value=0?

ganesh:Reply to we changed the

12 years ago (2. update 12 years ago)

But of course, best should be to fill the variable $auth->cur_user->id with value=0?

Don't know if that's a good idea, but if we do it, it should be decided consistently throughout the whole project that $auth->cur_user->id == 0 means "anonymous user". In fact, having "anonymous user" defined as $auth->cur_user == NULL as it is now can potentially be helpful in spotting minor mistakes such as this one. In fact, there's no point in running an SQL query to show an empty project list to an anonymous user. I was thinking more about this kind of fix:

from render/render_page.inc.php

                // <<< block omitted for brevity here
                "projects"      =>array(
                'target'    => $PH->getUrl('projList',array()),
                'title'     =>__("<span class=accesskey>P</span>rojects"),
                // 'html' filled below
                'tooltip'   =>__('Your projects. Alt-P / Option-P'),
                'bg'        =>"projects",
                'accesskey' =>'p'
                // <<< block omitted for brevity here
        // project selector is available only to logged users
            $this->tabs["projects"]["html"] = "<span id=projectselector>&nbsp;</span>" . buildProjectSelector();

pixtur:sorry for late reply...

12 years ago

I had not much time for streber recently.

I would suggest to simply check wether the auth field is already been initialized. I would extend ganesh's solution to:

global $auth;
if($auth && $auth->cur_user && $auth->cur_user->id) {

The convention id == 0 -> anonymous user is no good idea. Actually it is even wrong, because the anonymous user MUST HAVE an non zero id. Remember: it is just a normal user that can be assigned to projects etc. The only difference to normal users is, that he is automatically logged in.