Thread Rating:
  • 1 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
[F] Logic flaw in usergroup_permission() function [R]
#1
This is the result of a long thread which I decided to delete and simplify.

Okay...well I have issues with my premium members and PM quotas.

An example of the problem is a user can't recieve PMs.

Okay...here is an example of a permission array:


Quote:Array ( [disporder] => 0 [isbannedgroup] => 0 [canview] => 1 [canviewthreads] => 1 [canviewprofiles] => 1 [candlattachments] => 1 [canpostthreads] => 1 [canpostreplys] => 1 [canpostattachments] => 1 [canratethreads] => 1 [caneditposts] => 1 [candeleteposts] => 1 [candeletethreads] => 0 [caneditattachments] => 1 [canpostpolls] => 1 [canvotepolls] => 1 [canusepms] => 1 [cansendpms] => 1 [cantrackpms] => 1 [candenypmreceipts] => 0 [pmquota] => 20 [maxpmrecipients] => 5 [cansendemail] => 0 [maxemails] => 5 [canviewmemberlist] => 1 [canviewcalendar] => 1 [canaddevents] => 1 [canbypasseventmod] => 1 [canmoderateevents] => 0 [canviewonline] => 1 [canviewwolinvis] => 0 [canviewonlineips] => 0 [cancp] => 0 [issupermod] => 0 [cansearch] => 1 [canusercp] => 1 [canuploadavatars] => 1 [canratemembers] => 1 [canchangename] => 1 [showforumteam] => 1 [usereputationsystem] => 1 [cangivereputations] => 1 [reputationpower] => 1 [maxreputationsday] => 10 [candisplaygroup] => 1 [attachquota] => 25000 [cancustomtitle] => 1 [canwarnusers] => 0 [canreceivewarnings] => 1 [maxwarningsday] => 3 [canmodcp] => 0 )

You can see pmquota is 20 yet his group is actually 1500. This function is the problem.

function usergroup_permissions($gid=0)
{
	global $cache, $groupscache, $grouppermignore, $groupzerogreater;

	if(!is_array($groupscache))
	{
		$groupscache = $cache->read("usergroups");
	}

	$groups = explode(",", $gid);


	if(count($groups) == 1)
	{
		return $groupscache[$gid];
	}

	foreach($groups as $gid)
	{
		if(trim($gid) == "" || !$groupscache[$gid])
		{
			continue;
		}

		foreach($groupscache[$gid] as $perm => $access)
		{
			if(!in_array($perm, $grouppermignore))
			{
				if(isset($usergroup[$perm]))
				{
					$permbit = $usergroup[$perm];
				}
				else
				{
					$permbit = "";
				}

				if(in_array($perm, $groupzerogreater))
				{
					if($access == 0)
					{
						$usergroup[$perm] = 0;
						continue;
					}
				}

				if($access > $permbit || ($access == "yes" && $permbit == "no") || !$permbit) // Keep yes/no for compatibility?
				{
					$usergroup[$perm] = $access;
				}
			}
		}
	}

	return $usergroup;
}

I see checks for 0 so is the pmquota getting reset at some point? The array look seems to have a flaw.

Okay...that's it then. There is a logic problem apparently in the function usergroup_permissions().

I can reproduce too.

Array example of usergroups (just an example)

[10]
pmquota -> 0

[11]
pmquota -> 100

[12]
pmquota -> 0

[13]
pmquota -> 50

It's going to make the pmquota 50 because the 0 resets it if the user is inside all 4 groups or even just 11,12,13. Now I realize looking at the permissions array in the cache that this might also effect other things like maxwarningsday, maxpmrecipients,maxemails, reputationpower, and maxreputationsday. The old yes/no system didn't have this problem conflicting with results that use a number. Also this wouldn't be noticed by those without lots of additional groups.

For now I am adding numbers to each pmquota instead of a zero which does fix this but obviously not optimal or permanent. Zero is also for some of these suppose to be unlimited which also won't stick for any of the parameters I mentioned like maxemails.

So this needs to be sorted out and looked into. If I have made errors please let me know but I have spent the afternoon on this. Hopefully it's not confusing to understand.
#2
Try this. Find

if($access == 0)
{
	$usergroup[$perm] = 0;
	continue;
}

and replace with

if($access > $usergroup[$perm])
{
	$usergroup[$perm] = $access;
	continue;
}


See how that works.
#3
Will do sir and report back.
#4
anything?
#5
Sorry just been too busy to take the time to test. Apologies. I will do this asap.
#6
Chris brought up something I missed with the bug fix.

"0" on a numerical value represents unlimited so we have to take that into account as well. Try this fix:

if(in_array($perm, $groupzerogreater) && ($access == 0 || $usergroup[$perm] == 0))
{
  $usergroup[$perm] = 0;
  continue;
}
#7
Thank you for your bug report.

This bug has been fixed in our internal code repository. Please note that the problem will not be fixed here until these forums are updated.

With regards,
MyBB Group


Forum Jump:


Users browsing this thread: 1 Guest(s)