CMSB Acting Weirdly

16 posts by 4 authors in: Forums > CMS Builder
Last Post: August 19, 2016   (RSS)

Hi Guys

Well, either CMSB is acting weirdly or my code is doing something it was not designed to do!

Environment: CMSB v3.05 with Website Membership v1.11/Geocoder 1.05/Newsletter Builder 3.04

Website:  http://uccvi.com

The issue is this:  There is a private members area that only Directors can access (Website Membership).  Once in (see attached minutes.php), they will see additional documents not available to the general public.  Specifically the BOD Minutes.  For some reason, the 2016 Minutes don't show at all, and I don't understand why as they are identical to other year's Minutes.

I am very confused!

Ragi

--
northernpenguin
Northern Penguin Technologies

"Any sufficiently advanced technology
is indistinguishable from magic."
........Arthur C. Clarke
Attachments:

minutes.php 10K

By Damon - August 15, 2016

Hi,

The issue is this:  There is a private members area that only Directors can access (Website Membership).  Once in (see attached minutes.php), they will see additional documents not available to the general public.  Specifically the BOD Minutes.  For some reason, the 2016 Minutes don't show at all, and I don't understand why as they are identical to other year's Minutes

When looking at your code, the only difference between the BOD minutes and the other minutes is this code in the IF statement (line 149):

$record['private']

instead of

$record['public']

Can you change the BOD if statement to use $record['public'] and the see if the content appears. Hopefully this will help narrow it down.

Cheers,
Damon Edis - interactivetools.com

Hire me! Save time by getting our experts to help with your project.
http://www.interactivetools.com/consulting/

Damon:  Something really weird is going on.  I tried your suggestion and now I am really mystified.

First, after implementing your suggestion, only the title "Board of Directors Meeting Minutes" showed up (without login).  Then I logged in, and go exactly the same thing (no minutes).

So, I logged out, logged into CMSB and changed the 2016 Minutes from "private" to "public" and went back to the website.  No difference (logged in or out).

I reset the "public" in line 149 back to "private" and everything went back to what it was before, except that I can't logout, but only for the minutes.php page.  All BOD minutes up to 2015 show, nothing after (original condition).  If I go to the BOD page, I don't see their addresses & phone numbers unless I login again.

This is very confusing....!

Ragi

--
northernpenguin
Northern Penguin Technologies

"Any sufficiently advanced technology
is indistinguishable from magic."
........Arthur C. Clarke

By Damon - August 17, 2016

Hi,

Can you use the CMS Builder showme function to display all the values for every variable.

<?php showme($minutes_public_privateRecords); ?>

Hopefully this will show what variables are displaying content and help narrow it down.

If not, the next step is to start with a new page with just the BOD code and nothing else to see if that works, then add more and retest to determine what is causing the unexpected results.

Cheers,
Damon Edis - interactivetools.com

Hire me! Save time by getting our experts to help with your project.
http://www.interactivetools.com/consulting/

Damon:  Is there anyway to write the output to a file instead of trying to scroll through a browser window?

--
northernpenguin
Northern Penguin Technologies

"Any sufficiently advanced technology
is indistinguishable from magic."
........Arthur C. Clarke

By Damon - August 18, 2016

Damon:  Is there anyway to write the output to a file instead of trying to scroll through a browser window

Not something I have done. I usually output the contents in the footer and scroll through.

I'm guessing that you could possibly use the PHP functions fopen, fwrite, fclose.

Cheers,
Damon Edis - interactivetools.com

Hire me! Save time by getting our experts to help with your project.
http://www.interactivetools.com/consulting/

Damon:  Found it!  My client decided to change the catalog labels without telling me.  The code looked for "Board of Director Meetings".  The client changed it to "Board of Director Minutes" prior to publishing the 2016 minutes.

So, that is one problem solved.  The other issue is why I can't logout.  I thought it might be my cache, but I flushed it and still see everything when I go to this page.

--
northernpenguin
Northern Penguin Technologies

"Any sufficiently advanced technology
is indistinguishable from magic."
........Arthur C. Clarke

Damon:  For some reason Websitemembership plugin won't let me logoff this page (minutes).  It does actually logoff, but the value of $CURRENT_User['position'] is still "director", so it displays the BOD Minutes, which it shouldn't.

The code I use to logoff is as follows:

<?php if ($CURRENT_USER['position'] == 'Director'): ?>
<div style="border: 1px solid #000; background-color: #EEE; padding: 10px; width: 500px">
<p><a href='directors.php'>Board of Directors</a><br />
<a href='motions.php'>Motions & Financial Statements</a><br />
<a href='minutes.php'>Minutes & Record of Proceedings</a><br />
<a href='profile.php?action=logoff'>Logoff</a></p>
</div>

Any ideas how I can force the logoff and not display the BOD Minutes?

Ragi

--
northernpenguin
Northern Penguin Technologies

"Any sufficiently advanced technology
is indistinguishable from magic."
........Arthur C. Clarke

By Steve99 - August 19, 2016

Ragi,

Not sure if this applies to what you're experiencing, but it may...

By any chance are you using any htaccess rules to leverage browser cache? (we often use htaccess browser cache rules for page speed)

Reason I bring this up is I had experienced a "logoff" issue before, and it was due to "ExpiresByType text/html" and/or "ExpiresDefault" content type rules (to which we no longer place in htaccess files on sites using the membership module).

Anyway, just wanted to mention this in case it relates...

Cheers,
Steve

Steve:  It doesn't look like it.  The only .htaccess is the CMSB one (see below):

# CMS PHP Config Files
# --------------------------------------------------------------------------------------------
# These config files attempt to reset PHP and Apache settings to standard values and turn off
# deprecated or problematic features that would otherwise cause errors or problems.
#
# NOTE: These files aren't supported on all servers, but on many they will prevent problems.
# However, they are OPTIONAL and you can safely remove these files if needed.
# --------------------------------------------------------------------------------------------
# .htaccess - For Apache, Apache PHP module and IIS with .htaccess emulator: http://php.net/configuration.changes
# .user.ini - For servers running PHP in CGI/FastCGI mode: http://php.net/configuration.file.per-user
# php.ini   - For servers that support custom php.ini files: http://php.net/configuration.file
# --------------------------------------------------------------------------------------------
# *** IMPORTANT!!! If you make any changes to this file save a backup copy as <filename>.backup
# so you have a backup in case your changes get overwritten next time you upgrade.

# .htaccess settings
# --------------------------------------------------------------------------------------------
# Docs: http://php.net/configuration.changes
# Docs: http://php.net/manual/en/ini.php

# Apache: disable directory browsing
Options -Indexes

# Apache: disable mod_security (some of the admin menus allow you to define SQL which mod_security detects and then denied access to)
<IfModule mod_security.c>
  SecFilterEngine Off
  SecFilterScanPOST Off
</IfModule>

# Apache: disable mod_gzip for cms admin folder (tinymce gzips javascript and sometimes things get double encoded causing errors)
<IfModule mod_gzip.c>
  mod_gzip_on No
</IfModule>

# Apache: Fix issue where some servers send wrong content-type and FireFox won't load stylesheets
<ifModule mod_mime.c>
  AddType text/css .css
</ifModule>

# PHP: turn off deprecated PHP features and increase max upload size allowed
<IfModule mod_php5.c>
  php_value date.timezone UTC
  #php_value disable_functions none # Entry can only be set in php.ini or httpd.conf
  php_value max_input_vars 2000
  php_value open_basedir none
  php_value post_max_size 101M
  php_value upload_max_filesize 101M
  # php_flag zlib.output_compression Off
</IfModule>

# Identify loaded modules
<IfModule mod_env.c>
  SetEnv CMSB_APACHE_HTACCESS 1
  SetEnv CMSB_MOD_ENV 1
  <IfModule mod_php5.c>
    SetEnv CMSB_MOD_PHP5 1
  </IfModule>
  <IfModule mod_fcgid.c>
    SetEnv CMSB_MOD_FCGID 1
  </IfModule>  
  <IfModule mod_suphp.c>
    SetEnv CMSB_MOD_SUPHP 1
    #suPHP_Engine on
    #suPHP_ConfigPath /full/path/to/folder/with/php.ini/in/it
  </IfModule>
  <IfModule mod_security.c>
    SetEnv CMSB_MOD_SECURITY1 1
  </IfModule>
  <IfModule mod_security2.c>
    SetEnv CMSB_MOD_SECURITY2 1
  </IfModule>
  <IfModule mod_rewrite.c>
    SetEnv CMSB_MOD_REWRITE 1
  </IfModule>
</IfModule>

# SECURITY: Deny access to common configuration and data files, eg: .htaccess, php.ini, .user.ini, php_errors.log, backup.sql, etc
<FilesMatch "\.(htaccess|ini|log|sql)$">
Order Deny,Allow
Deny from All
</FilesMatch>
# SECURITY: Deny access to common configuration and data files with php extensions, eg: settings.dat.php, etc
<FilesMatch "\.(dat|defaultSqlData|log|sql)\.php$">
Order Deny,Allow
Deny from All
</FilesMatch>

# Identify loaded config files - repurpose some lesser used php.ini directives to indicate which config files loaded
<IfModule mod_php5.c>
  php_value highlight.html '#000000; CMSB_CONFIG_HTACCESS'
  php_value date.default_latitude '11.1111 CMSB_CONFIG_HTACCESS'
</IfModule>

--
northernpenguin
Northern Penguin Technologies

"Any sufficiently advanced technology
is indistinguishable from magic."
........Arthur C. Clarke