By davecoventry on
I am getting 403 Access denied errors for my hook menu implementation.
In reports in the admin menu under Top 'access denied' errors I get
2939 simpim/get_message
8 simpim/writemessage
function simpim_menu() {
$items['simpim/check_messages'] = array(
'title' => 'Check Message',
'page callback' => 'check_messages',
'access' => TRUE,
'type' => MENU_CALLBACK,
);
$items['simpim/writemessage'] = array(
'title' => 'Write Messages',
'page callback' => 'writemessage',
'access' => TRUE,
'type' => MENU_CALLBACK,
);
$items['simpim/get_message'] = array(
'title' => 'Get Messages',
'page callback' => 'get_message',
'access' => TRUE,
'type' => MENU_CALLBACK,
);
return $items;
}
function writemessage(){
$suid=$_GET['suid'];
$sname=$_GET['sname'];
$ruid=$_GET['ruid'];
$rname=$_GET['rname'];
$msg=check_plain($_GET['msg']);
$messageq=db_query('INSERT INTO {im_msg} (suid,sname,ruid,rname,msg,sent_time) VALUES(%d,"%s",%d,"%s","%s","'.date("Y-m-d H:i:s").'")',$suid,$sname,$ruid,$rname,$msg);
}
function get_message(){
$suid=$_GET['suid'];
$ruid=$_GET['ruid'];
$messageq=db_query('SELECT mid,sname,msg,sent_time FROM {im_msg} WHERE ruid=%d AND received_time="0000-00-00 00:00:00"',$ruid);
$messages='';
$readmessages=array();
while($row=db_fetch_array($messageq)){
$messages=$messages.'<br>'.$row['sent_time'].'<br>'.$row['sname'].':'.$row['msg'];
$readmessages[]=$row['mid'];
}
foreach($readmessages as $d){
//db_query('UPDATE {im_msg} SET received_time="'.date("Y-m-d H:i:s").'" WHERE mid='.$d);
db_query('DELETE FROM {im_msg} WHERE mid='.$d);
}
echo $messages;
}
function check_messages(){
$messageq=db_query('SELECT sname FROM {im_msg} WHERE ruid='.$_GET['ruid'].' AND received_time="0000-00-00 00:00:00"');
$echo='';
if ($row=db_fetch_array($messageq)){
if($echo==''){
$echo=$row['sname'];
}
else{
$echo=$echo.', '.$row['sname'];
}
}
echo $echo;
}
Can anyone see where I'm going wrong?
Comments
Anyone?
Anyone?
Nobody?
Nobody?
'access' is a D5 construct
See http://api.drupal.org/api/function/hook_menu/6 and http://drupal.org/node/109157
There's no 'access' key in D6.
edited to add: please read http://drupal.org/writing-secure-code with a focus on Database access (use placeholders) and Text handling.
Thank you
Heine,
Thanks for the input.
I have removed the access line but there is no difference and I still get the 403.
and I have rewritten my query ;)
Anything else you can think of?
I have removed the access
You still need to specify access callback and access arguments. Also, when changing anything in hook_menu, visit admin/build/modules to get the router table rebuild.
Thanks Heine
I thought that "access callback" defaults to "user_access"?
And is not "access arguments" a mechanism to pass arguments to the callback function?
I'm using $_GET['ruid'] to access the userid of my user.
I suppose I could use 'global $user' and then I wouldn't need to pass anything to the function...
Yes, access callback defaults
Yes, access callback defaults to user_access. You still need to give it a permission as argument (via access arguments).
Many thanks
Heine,
Many thanks for your assistance.
'access arguments' => array('access messages'), cured the problem, but I'm not sure I understand how.
My misapprehension (as is apparent from my posts above) was that I thought that the 'access arguments' array parameters to be used in the page callback function, which is clearly not the case.
'access arguments' appears to require an array, itself containing a string in the form of a space-separated array. This sub array, carries two elements, 'access' and 'messages'. Where are these elements defined?
Thanks again,
Dave Coventry
'access arguments' are passed
'access arguments' are passed to the 'access callback' (user_access by default), 'page arguments' are passed to the 'page callback'.
As you need to pass a permission string to user_access, you need to use array('the permission string') so user_acces receives this as a parameter. This is a simple string that corresponds to a permission defined in hook_perm.
Eh, no, it contains the string 'access messages'. There are many permissions in Drupal eg 'access content', 'administer nodes' etc. To define extra permissions for use in your module, create an implementation of hook_perm.
See also http://www.php.net/manual/en/langref.php