Started with v1.5.1
Started with v1.5.1
I've traced this down to the following conditions:
- The currently signed-in admin is not a superuser.
- The admin profile associated with that admin has one or more of the 'Product Types' enabled.
For that set of conditions, the check_page function in admin_access.php is choking on the (non-existent) constant associated with the enabled Product Type. In that case, the main_page value returned for the enabled product type by the SQL query at line 29 of /ADMIN/includes/functions/admin_access.php is empty because there's no such key (e.g. _productTypes_product_music) to associate.
With the changes in red, the debug logs no longer are created ... but I'm not sure if (a) it's an appropriate change and (b) if it's a complete change.
I also noticed during my "playing" with this that it's not possible to check 'Product Types', 'Product - Free Shipping' in an admin profile and have it remain checked after clicking the Update button.Code:$sql = "SELECT ap.main_page, ap.page_params FROM " . TABLE_ADMIN . " a LEFT JOIN " . TABLE_ADMIN_PAGES_TO_PROFILES . " ap2p ON ap2p.profile_id = a.admin_profile LEFT JOIN " . TABLE_ADMIN_PAGES . " ap ON ap.page_key = ap2p.page_key WHERE admin_id = :adminId:"; $sql = $db->bindVars($sql, ':adminId:', $_SESSION['admin_id'], 'integer'); $result = $db->Execute($sql); $retVal = FALSE; while (!$result->EOF) { $pageName = zen_not_null($result->fields['main_page']) ? constant($result->fields['main_page']) : ''; if (($pageName == $page || basename($pageName, '.php') == $page) && $result->fields['page_params'] == $page_params) { $retVal = TRUE; } $result->MoveNext(); }
A better solution is to improve the query to 'weed out' the erroneous selection in the first place:
Code:$sql = "SELECT ap.main_page, ap.page_params FROM " . TABLE_ADMIN . " a LEFT JOIN " . TABLE_ADMIN_PAGES_TO_PROFILES . " ap2p ON ap2p.profile_id = a.admin_profile LEFT JOIN " . TABLE_ADMIN_PAGES . " ap ON ap.page_key = ap2p.page_key WHERE admin_id = :adminId: AND ap2p.page_key NOT LIKE '_productTypes_%'"; $sql = $db->bindVars($sql, ':adminId:', $_SESSION['admin_id'], 'integer'); $result = $db->Execute($sql); $retVal = FALSE; while (!$result->EOF) { $pageName = constant($result->fields['main_page']); if (($pageName == $page || basename($pageName, '.php') == $page) && $result->fields['page_params'] == $page_params) { $retVal = TRUE; } $result->MoveNext(); }
.
Zen Cart - putting the dream of business ownership within reach of anyone!
Donate to: DrByte directly or to the Zen Cart team as a whole
Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.
I just wanted to report that I experienced this bug as well. Mine is a heavily modified zen cart that has been updated from 1.3.8 to it's current 1.5.1. Some plugins that might have triggered this? Perhaps SSU or the fact that I had previously installed admin profiles, but then removed it once I upgraded to 1.5.1.
Once I went in and set up profiles for everyone the error seemed to disappear and hasn't come back. So I'm just hoping it was temporary and ignoring it for now.
Same problem here in fresh install of 1.5.1 No mods or edits its stock u Get the following message: PHP Warning: constant(): Couldn't find constant in /..includes/functions/admin_access.php on line 38, referer: http://.../categories.php?cPath=11&c...=edit_category
An 8mb error log file has been growing and growing because of this error. Is there a fix? I tried the above and i get an "Error please refresh this page" when trying to edit categories.
The problem also does not occur on superuser profile. Only occurs on custom profiles.
I've got this issue with other than super user profiles AFTER installing Image Handler 4, but people in the IH thread concluded that it would not be an IH problem. So, the problem really persists and an administrator can't update the product info anymore due to this permission issue:
http://www.zen-cart.com/showthread.p...36#post1189336
The error log tells about the same CONSTANT issues than in this thread.
I may be blond but at least I found Zen.
The glass is not half full. The glass is not half empty. The glass is simply too big!
Where are the Zen Cart Debug Logs? Where are the HTTP 500 / Server Error Logs?
Zen Cart related projects maintained by lhûngîl : Plugin / Module Tracker
Bookmarks