Hi all -
Running phpMyFAQ 2.8.18 on Ubuntu.
I have articles that have PDFs attached to them, however, when a user who is not logged in tries to view the PDF they get a message stating "You are not authorized". If I log in I can view the PDF just fine. We DO NOT want our users logging in -- we want them to be able to view all content without having to login. The article itself has group permissions set to "Access for all groups" and user permissions set to "Access for all users".
Is there a universal setting that can fix permissions for attachments, or am I missing something else?
Thanks!
Max
Users not authorized to see attachments unless logged in
Moderator: Thorsten
Re: Users not authorized to see attachments unless logged in
Hi,
currently you can only remove the check in the source code:
https://github.com/thorsten/phpMyFAQ/bl ... f.php#L123
phpMyFAQ 2.9 will add a setting to achieve this by configuration.
bye
Thorsten
currently you can only remove the check in the source code:
https://github.com/thorsten/phpMyFAQ/bl ... f.php#L123
phpMyFAQ 2.9 will add a setting to achieve this by configuration.
bye
Thorsten
phpMyFAQ Maintainer and Lead Developer
amazon.de Wishlist
amazon.de Wishlist
Re: Users not authorized to see attachments unless logged in
Thanks Thorsten!
Forgive me, but I'm not a programmer and have difficulty deciphering code. What exactly do I need to remove? I tried removing && $permission['export'] from line 123, but I am still having the same issue.
What modification should I be making?
Max
Forgive me, but I'm not a programmer and have difficulty deciphering code. What exactly do I need to remove? I tried removing && $permission['export'] from line 123, but I am still having the same issue.
What modification should I be making?
Max
Re: Users not authorized to see attachments unless logged in
moin moin,
ich habe das Selbe Problem, habe mal die ganze if, else-if Abfrage auskommentiert, aber geht immer noch nicht.
ich habe das Selbe Problem, habe mal die ganze if, else-if Abfrage auskommentiert, aber geht immer noch nicht.
Code: Select all
/*if (true === $getAll && $permission['export']) {
$filename = 'FAQs.pdf';
$pdfFile = $pdf->generate(0, true, $lang);
} else {
if (is_null($currentCategory) || is_null($id)) {
$http->redirect($faqConfig->get('main.referenceURL'));
exit();
}
$faq->getRecord($id);
$faq->faqRecord['category_id'] = $currentCategory;
$filename = 'FAQ-' . $id . '-' . $lang . '.pdf';
$pdfFile = $pdf->generateFile($faq->faqRecord, $filename);
}*/
Re: Users not authorized to see attachments unless logged in
The above code mode didn't work for me. You have to find the code where the authorization check takes place. I modified the code as follows:
The code is in attachment.php and starts about line 84. You basically want to copy the code from the first part of the if statement into the second part. This way regardless of whether the person is authorized it will allow the pdf to be exported.
The code is in attachment.php and starts about line 84. You basically want to copy the code from the first part of the if statement into the second part. This way regardless of whether the person is authorized it will allow the pdf to be exported.
Code: Select all
//Modified this function to allow all users to download all attachments
if ($attachment && ($groupPermission || ($groupPermission && $userPermission)) && $permission['dlattachment']) {
try {
$attachment->rawOut();
exit(0);
} catch (Exception $e) {
$attachmentErrors[] = $PMF_LANG['msgAttachmentInvalid'] . ' (' . $e->getMessage() . ')';
}
} else {
//$attachmentErrors[] = $PMF_LANG['err_NotAuth'];
try {
$attachment->rawOut();
exit(0);
} catch (Exception $e) {
$attachmentErrors[] = $PMF_LANG['msgAttachmentInvalid'] . ' (' . $e->getMessage() . ')';
}
}