(UTC)
(Moderator: Forum Admin)
Previous Topic | Next Topic
Page Index Toggle Pages: 1 Send Topic Send Topic Print Print
Normal Topic Security Glitch (Read 811 times)
BWETTLAUFER
Full Member
***
Offline



Posts: 216
Location: Cambridge, Ontario
Joined: Apr 9th, 2010
Security Glitch
Apr 10th, 2015 at 1:44am
Print Post Print Post  
Hey all,

I've just upgraded my database, and it must be late, and my eyes are crossing, but a security feature I've added doesn't seem to work.  Help?

In the code below, I have an xlookupsourcelist to see if a file is being moved away from an active staff member.  However, I have placeholder staff ID's that don't exist, and the xlookupsourcelist for these should come back "", and be allowed through ... but they fail every time.  Any idea why?

Code
Select All
		for q = 1 to vpromptamt
			ResultSetCurrentPosition(q)
			if DBColl# <> "NEW" and vPassword <> "PASSWORD"
			{
				vCollcheck = @xlookupsourcelist(@FN, DBColl#, "Staff Screen!StaffRef", "StaffStartDate;StaffEndDate")

				vOK = 1
				if @accessstringarray(vCollCheck,1) <> "" and @accessstringarray(vCollCheck,2) = "" then vOK = 0
				if @accessstringarray(vCollCheck,1) = "" and @accessstringarray(vCollcheck,2) = "" then vOK = 1
				if vCollCheck = "" then vOK = 1
				if vCollCheck < 0 then vOK = 1

				if VOK = 0 then vPassword = @PromptForUserInput("PASSWORD TO ALTER?","")
				if vPassword = "PASSWORD" then vOK = 1
				if vPassword <> "PASSWORD" then vOK = 0
				if vOK = 0
				{
					if VOK = 0 then vSkipCount = vSkipCount + 1
					if VOK = 0 then @MsgBox( "  YOU DO NOT HAVE ACCESS TO ALTER ONE OF THESE ASSIGNED FILES.","  THE ORIGINAL COLLECTOR MUST MOVE THE FILE.","  FILE REMAINS WITH " + DBColl#)
				}
				if vOK = 1
				{
					DBColl# = vpromptuser
					if vPromptNxt <> "" then DBNxt = vPromptNxt

					vCltList = @appendstringarray(vCltList,DBCltNo)

					vNote = "UPD USER -- " + vpromptuser
					if @Visibility(NotePanel) = 1 then NotePanel = @left(vUserDate,4) + "-" + @mid(vUserDate,6,2) + "-" + @mid(vUserdate,9,2) + "   " + @left(vUsertime,5) + "  " + (toupper(@mid(@userid,1,3))) + "   " + vNote
					gAddNote3(vNote)
				}
			}
			ELSE
			{
				DBColl# = vpromptuser
				if vPromptNxt <> "" then DBNxt = vPromptNxt

				vCltList = @appendstringarray(vCltList,DBCltNo)

				vNote = "UPD USER -- " + vpromptuser
				if @Visibility(NotePanel) = 1 then NotePanel = @left(vUserDate,4) + "-" + @mid(vUserDate,6,2) + "-" + @mid(vUserdate,9,2) + "   " + @left(vUsertime,5) + "  " + (toupper(@mid(@userid,1,3))) + "   " + vNote
				gAddNote3(vNote)
			}
		next
  
Back to top
WWW WWW Twitter Twitter  
IP Logged
 
Ray the Reaper
Global Moderator
Members
Lantica Support
*****
Offline


The One & The Only

Posts: 2483
Joined: Aug 20th, 2003
Re: Security Glitch
Reply #1 - Apr 10th, 2015 at 1:24pm
Print Post Print Post  
Hello Blair,

Just as a guess I would say the problem is with these lines

Code
Select All
if VOK = 0 then vPassword = @PromptForUserInput("PASSWORD TO ALTER?","")
if vPassword = "PASSWORD" then vOK = 1
if vPassword <> "PASSWORD" then vOK = 0


If vPassword does not have an initial value of "PASSWORD" then the last If statement is True. You probably want to write these lines like

Code
Select All
	If vOK = 0 Then
	{
		vPassword = @PromptForUserInput("PASSWORD TO ALTER?","")
		If vPassword = "PASSWORD" Then
		{
			vOK = 1
		}
		Else
		{
			vOK = 0
		}
	}
  
Raymond Yoxall Consulting
ray.yoxall@gmail.com
ryoxall@lantica.com
Sesame Applications, Design and Support
Back to top
WWW WWW  
IP Logged
 
Page Index Toggle Pages: 1
Send Topic Send Topic Print Print
Previous Topic | Next Topic
 
  « Board Index ‹ Board Top  

Lantica User Forum » Powered by YaBB 2.6.11!
YaBB Forum Software © 2000-2024. All Rights Reserved.

Valid RSS Valid XHTML Valid CSS Powered by Perl Source Forge