AccountController - BUG - on duplicate field names

September 28, 2020, 03:39:47 PM

There is a bug in PHPRAD v2.7.3 on the default controller generated for authentication.

The error is the Index method in the "where" clause.

The authentication table is called "accounts" and the primary key is on the field named ID.

The problem is when adding other tables to the list/view/edit pages - in this case a "groups" table - which has same field name "ID".

(mybe it's bad practice but use the same field name on all tables "ID" as primary key with autoincrement)

The problem is in the $db->where() invocation where only the field name is used instead of table.field as in all methods (edit) where thw table name is properly used.

original code:

Code: [Select]

/**
 * Account Page Controller
 * @category  Controller
 */
class AccountController extends SecureController{
	function __construct(){
		parent::__construct(); 
		$this->tablename = "accounts";
	}
	/**
		* Index Action
		* @return null
		*/
	function index(){
		$db = $this->GetModel();
		$rec_id = $this->rec_id = USER_ID; //get current user id from session

		$db->where ("ID", $rec_id);

		$tablename = $this->tablename;
		$fields = array("accounts.ID", 
			"accounts.userName", 
			"accounts.fullName", 
			"accounts.email", 
			"groups.name AS groups_name", 
			"accounts.photo", 
			"accounts.simpleRole");
		$db->join("groups", "accounts.groupID = groups.ID", "LEFT ");
		$user = $db->getOne($tablename , $fields);
                ....

     * Update user account record with formdata
	 * @param $formdata array() from $_POST
     * @return array
     */
	function edit($formdata = null){
		$request = $this->request;
		$db = $this->GetModel();
		$rec_id = $this->rec_id = USER_ID;
		$tablename = $this->tablename;
		 //editable fields
		$fields = $this->fields = array("ID","userName","groupID","fullName","email","password","photo","simpleRole");
		if($formdata){
			$postdata = $this->format_request_data($formdata);
                        ........
		}

		$db->where("accounts.ID", $rec_id);;

		$data = $db->getOne($tablename, $fields);
		$page_title = $this->view->page_title = get_lang('my_account');
		if(!$data){
			$this->set_page_error();
		}
		return $this->render_view("account/edit.php", $data);
	}

Re: AccountController - BUG - on duplicate field names

Reply #1 – September 29, 2020, 07:29:27 PM

@mculibrk‍ thank, the issue has been noted.

Re: AccountController - BUG - on duplicate field names

Reply #2 – September 30, 2020, 09:53:39 AM

Another "BUG" I noticed, not related to this exact issuse:

After enabling "authentication" on a sample project the "publish" action got broke somehow.
Some of the generated files were just half "compiled" - there was a lot of "placeholders" left in them ("___something") and sure, the the page/app stopped working.

It's interesting that the only thing I did was to enable authentication (selected an exitsing table and fields).
After that I created a table from PHPRAD and used that for auth and it was OK - the code generated and the app worked.

The same goes for the "role management" - when I select "dynamic" and select tables it breaks with some strange errors that it cannot create/modify table fields - but the tables and fields were already created (with same types as it tried to change to)

PHPRad is great, really... but is sometimes extremely "fragile" for no obvious reasons...

regards

Re: AccountController - BUG - on duplicate field names

Reply #3 – October 01, 2020, 04:09:13 PM

@mculibrk‍ please when you create a new phprad project before any configuration, preview the project first and save the file. This issue is related to the fact that you created the project and started configurations without doing the above mentioned.