[Solved in 5.3] Unwanted behaviour at user login

[kintree]

Huub

I have been tearing my hair out at the following behaviour (1-3):

1. admin creates a new group G which has access to only a subset of trees

2. admin creates a new user U, makes U a member of group G

3. U logs in, and is presented with a scary message:
Selected family tree: NO NAME
Select another family tree, or login for the selected family tree

The scary message can be removed in one of 3 ways:
A. refresh the page; or
B. below Select a family tree:, click one of the non-hidden trees; or
C. click Select another family tree... and login a second time

This is not a user-friendly introduction for the sort of users I want to show my trees to!

I have found what is causing the problem, in header.php:
the line after the comment // *** No family tree selected yet ***
has a test: if (!isset($_SESSION['tree_prefix']) OR $_SESSION['tree_prefix']=='' )

A further condition is needed: OR $_SESSION['tree_prefix']=='humo2_'

I'm afraid I can't work out where 'humo2_' is coming from, but it is definitely the problem.

Good luck

[Huub]

Hi,

I didn't test yet, but I can tell you what humo2_ is. In the first HuMo-gen versions we used seperate tables for each family tree.
So "tree_prefix" was used as a prefix for the seperate family tree tables.

Later, we combined all these seperate family tree tables. I'm removing all these tree_prefix items, and i'm trying to use tree_id for all scripts.
Unfortunately I also used this tree_prefix in the url of HuMo-gen websites. So it's not possible to completely remove all tree_prefix variables.

A further condition is needed: OR $_SESSION['tree_prefix']=='humo2_'

humo2_ is probably the second family tree you made.

[kintree]

Huub

You are quite right about 'humo2_'. I have now examined the tables using phpMyAdmin, and I understand better what is happening. I shall try to change the logic in that area of header.php

Wish me luck!

[kintree]

Huub

I have set up a login for you on two sites:
https://genealogy.kintree.net (my work site, where I have fiddled with lots of your php & mysql code - for example, you will see debug text from time to time)
https://humogen.kintree.net (my clean installation of HuMo-gen).

In both cases your username is Huub, no password required. You will see the unwanted behaviour as soon as you log in. Huub has no admin privileges, sorry.

[kintree]

Huub

I think I've cracked it: I set true a $_SESSION cookie when a new user logs in, then look for the cookie in the condition I identified, then set the cookie false in the conditional code.

Code: Select all

	// *** Choose default session tree if no tree selected ***
	if (!isset($_SESSION["tree_prefix"]) OR $_SESSION['tree_prefix']=='' OR $_SESSION['new_userlogin']===1){
		if ($_SESSION['new_userlogin']===1) { $_SESSION['new_userlogin']=0; }
		$_SESSION['tree_prefix']=''; // *** If all trees are hidden then session tree remains empty ***

		// *** Find first tree not hidden for this usergroup ***
		$hide_tree_array=explode(";",$user['group_hide_trees']); // this produces an array of tree_id
		$datasql = $dbh->query("SELECT * FROM humo_trees WHERE tree_prefix!='EMPTY' ORDER BY tree_order");
		while(@$dataDb=$datasql->fetch(PDO::FETCH_OBJ)) {
			// *** Check if tree hidden for this usergroup ***
			$hide_tree=false; if (in_array($dataDb->tree_id, $hide_tree_array)) $hide_tree=true;
			if ($hide_tree==false){
				 // tree_prefix indicates a tree not hidden for this usergroup
				$_SESSION['tree_prefix']=$dataDb->tree_prefix;
				break;
			}
		}
	}

So I hope you will find that genealogy.kintree.net works correctly now, and humogen.kintree.net still shows the problem.

[Huub]

Hi,

I see the problem!

But it only happens in this situation:
A quest can see family trees: 1, 2 and 3.
A logged in user can only see tree: 2.

If you go to the HuMo-gen website as a user, then the default family tree is: 1.
If the guest will log in at that moment, there will be a message "Select another family tree, or login for the selected family tree" (because family tree 1 is selected in the session).

Personally I think it's strange a guest can see more family trees then a logged in member.
Normally it will be this situation:
A quest can see family tree: 2.
A logged in user can trees: 1, 2 and 3.
In this situation there will be no strange messages!

But: I will probably use your code in the next version!

[kintree]

Huub

"strange that a guest can see more family trees" than a member of a group - NOT SO, guest may have viewing rights to a restricted set of information. Group-member may have editing rights to a restricted set of trees, perhaps to just one tree. A program-designer must avoid preconceptions.

Please note that my suggestion will require further modifications: because guest does not require a login, $_SESSION['new_userlogin'] will probably need to be set when a logged-in user logs off, even if it is an involuntary logoff due to session timeout.

Good luck!

[Huub]

Hi,

I think I solved the problem. I made some changes in the script header.php. This is the script where a tree is selected.
I made some changes, if a tree is not allowed, the first tree that is allowed will be selected.

If you add this sctipt in the main HuMo-gen folder, it should be working.

header.php

(23.11 KiB) Downloaded 391 times

No need for extra cookie

[kintree]

Huub

Sorry to be so long responding, I was on holiday for a while!

Thanks very much for the update - I'll try it in the next few days.