Access Denied!
Pooka
03-10-2006, 08:10 PM
I have installed drupal on a test board (I dare not put it on my main board until it proves itself useful and USEABLE!) It installed without incident, and I'm able to create content - but I can't view it. Any and all attempts to view the test posts are met with access denied statements. I have tried to create an administrator role, link it to user group 6 and turn on all its permissions but contrary to what the instructions I have encountered state, this SIMPLY DOES NOT WORK. I'm on the verge of giving up on doing this properly and looking through the code and rewriting the permission system entirely.
Any help would be appreciated.
Pooka
03-11-2006, 09:22 AM
There is definitely a bug in here somewhere gentlemen. It would help if I could get some pointers before I start tearing the code apart.
I have already decided to rewrite the code so that anyone in the superadministrators group (defined in the vbulletin config file) automatically has access to all blocks in the system.
Pooka
03-11-2006, 10:17 AM
Ok, I'm rewiring it to force superadmin access to all privileges. Any help in this would be appreciated (not like I've gotten any so far).
In settings.php we first must call up our superadmins - this is defined in the vbulletin config file so we have to grab this before the $config var is unset around line 145.
unset($config);
require(vb_dir . '/includes/config.php');
$db_url = 'mysql://' . $config['MasterServer']['username'] . ':' . $config['MasterServer']['password'] . '@' . $config['MasterServer']['servername'] . '/' . $config['Database']['dbname'];
unset($config);
Changed to...
unset($config);
require(vb_dir . '/includes/config.php');
$db_url = 'mysql://' . $config['MasterServer']['username'] . ':' . $config['MasterServer']['password'] . '@' . $config['MasterServer']['servername'] . '/' . $config['Database']['dbname'];
$superadmins = explode(",", $config['SpecialUsers']['superadministrators']); // Find our superadmins
unset($config);
Further down is where the code maps the user roles to the userids. This is changed to map the superadmins to every role that exists in the system.
$role_map = array();
if ($bbuserinfo['userid'] != 0)
{
    include_once 'includes/database.inc';
    $result = db_query('SELECT * FROM {role} ORDER BY name');
    while ($role = db_fetch_object($result))
    {
        if ($role->rid == 1) continue;
        if (is_member_of($bbuserinfo, explode(',', $role->vbgroupids)) || in_array($bbuserinfo['userid'], $superadmins)) // Fake superadmins being in all roles.
        {
            $role_map[$role->rid] = $role->name;
        }
    }
}
if (sizeof($role_map) == 0 && !in_array($bbuserinfo['userid'], $superadmins))
This didn't fix the problem so I now have to find the function (or - god forbid - functions) that check permission so that I can skip the check on $superadmin presence.
Pooka
03-11-2006, 10:33 AM
Supposedly the node access function is used to determine if a node can be viewed - but the function isn't being called on viewings (I put an echo "Called"; exit; line in there and it didn't hit that line and die so I know the function was never called).
Pooka
03-11-2006, 10:59 AM
Anybody know where the hell the user_access function is defined?
Pooka
03-11-2006, 11:18 AM
Found it (finally) user.module. Changed it. Still no change to the problem..
Pooka
03-11-2006, 12:02 PM
Dumped entire database and restored to pre-drupal setup.
Followed instructions exactly.
Did not work.
Dumped entire database and performed virgin install of vbulletin.
Followed instructions in post 1 exactly.
Did not work.
I am running out of patience.
Pooka
03-11-2006, 12:35 PM
Anonymous users can't even access content even though that is explicitly checked off for them by default.
Pooka
03-11-2006, 02:29 PM
Ok, I may have found a clue to the solution after playing a round of Worms: Armageddon to get my frustration out..
Using phpMyAdmin I checked the nodes table and noted my posts had a uid of 0. When I changed them to 2 using phpMyAdmin the posts appeared normally.
:(
THAT is a bug, but I should be able to fix it myself given time.
Edited the node, uid set back to 0 and error repeats. This is definitely a bug.
Pooka
03-11-2006, 02:43 PM
Inserted line
print_r($node); exit;
Into start of function node_save
This returned:
stdClass Object ( [theme] => [mode] => [sort] => [data] => => [threshold] => [comments_per_page] => [nameutf] => 1 [name] => Pooka [uid] => 2 [mail] => mlmorr0@uky.edu [created] => 1141080660 [timezone] => -18000 [membergroupids] => [language] => en [roles] => Array ( [2] => administrator ) [session] => messages|a:0:{} ) stdClass Object ( [name] => Pooka [date] => 2006-03-11 15:56:05 -0500 [status] => 1 [moderate] => 0 [promote] => 1 [sticky] => 0 [revision] => 0 [comment] => 2 [title] => Page Test [taxonomy] => Array ( [0] => 0 ) [body] => Page Test [format] => 1 [created] => 1142110565 [type] => page [teaser] => Page Test [B][uid] => [files] => Array ( ) [validated] => 1 )
Note the uid is missing in the list of fields to insert (and therefore gets written as 0 -- it's the bolded part above). Hmmm...
Pooka
03-11-2006, 03:16 PM
And the problem is solved. Function user_load is responsible for the problems I've experienced - it is not generating a proper query to validate the user. Submitted for approval is the corrected function.
function user_load($array = array()) {
    global $vboptions, $stylevar, $bbuserinfo;
    $user = new StdClass();
    $result = db_query_range("SELECT u.username, u.userid, u.mail, u.timezoneoffset, u.joindate, u.usergroupid, u.membergroupids,
        bl.theme, bl.blogtitle, bl.mode, bl.sort, bl.threshold, bl.data
        FROM {users} u
        LEFT JOIN {blogs} bl ON bl.uid = u.userid
        WHERE u.userid = $bbuserinfo[userid] ", $params, 0, 1);
    if (db_num_rows($result))
    {
        $tmpuser = db_fetch_object($result);
        $user->data = unserialize($tmpuser->data);
        $user->block = $user->data['block'];
        $user->name = $tmpuser->username;
        if ($vboptions['convert_to_utf']) {
            $user->name = drupal_convert_to_utf8($user->name, $stylevar['charset']);
            $user->nameutf = TRUE;
        }
        $user->name = $bbuserinfo['username'];
        $user->uid = $bbuserinfo['userid'];
        $user->mail = $bbuserinfo['email'];
        $user->created = $bbuserinfo['joindate'];
        $user->timezone = $bbuserinfo['tzoffset'] * 3600;
        $user->membergroupids = $bbuserinfo['membergroupids'];
        $user->language = $bbuserinfo['lang_code'];
        $user->theme = $tmpuser->theme;
        $user->blogtitle = $tmpuser->blogtitle;
        $user->mode = $tmpuser->mode;
        $user->sort = $tmpuser->sort;
        $user->threshold = $tmpuser->threshold;
        $user->roles = array(); // delayed
        $user->comments_per_page = $user->data['comments_per_page'];
        user_module_invoke('load', $array, $user);
    }
    return $user;
}
tamarian
03-12-2006, 07:57 AM
Pooka, this may fix one issue, but create a few more. What type of node did you have permission problems with?
Pooka
03-12-2006, 08:31 AM
All of them pretty much. Any node where you submitted content was broken. All of them were inserting userid 0 and the preview was coming up unverified. I *think* the problem is my test machine wasn't carrying over session variables correctly and the original function breaks if session vars aren't passed.
So far though it hasn't created any issues, but I'll continue to test. I've also deployed it
http://www.therpgsite.com
Well, I'll take that back - when an admin edits a post the system transfers the post credit to them - so there's one bug in the fix.
Pooka
03-12-2006, 09:40 AM
Ok, I caught the problem and retested this. I think this will work...
function user_load($array = array()) {
    global $vboptions, $stylevar, $bbuserinfo;
    $query = '';
    $user = new StdClass();
    $params = array();
    foreach ($array as $key => $value) {
        if ($key == 'uid' && !$value == 0) {
            $query .= "u.userid = %d ";
            $params[] = $value;
        }
        else if ($key == 'name' && !$value == ''){
            $query .= "u.username = '". addslashes($value) ."'";
            if ($vboptions['convert_to_utf']){
                $params[] = strtolower(undo_utf($value));
            }
            else {
                $params[] = strtolower($value);
            }
        }
    }
    if ($query)
    {
        $user = new StdClass();
        $result = db_query_range("SELECT u.username, u.userid, u.mail, u.timezoneoffset, u.joindate, u.usergroupid, u.membergroupids,
            bl.theme, bl.blogtitle, bl.mode, bl.sort, bl.threshold, bl.data
            FROM {users} u
            LEFT JOIN {blogs} bl ON bl.uid = u.userid
            WHERE $query ", $params, 0, 1);
        if (db_num_rows($result)) {
            $tmpuser = db_fetch_object($result);
            $user->data = unserialize($tmpuser->data);
            $user->block = $user->data['block'];
            $user->name = $tmpuser->username;
            if ($vboptions['convert_to_utf']) {
                $user->name = drupal_convert_to_utf8($user->name, $stylevar['charset']);
                $user->nameutf = TRUE;
            }
            $user->uid = $tmpuser->userid;
            $user->created = $tmpuser->joindate;
            $user->membergroupids = $tmpuser->membergroupids;
            $user->theme = $tmpuser->theme;
            $user->blogtitle = $tmpuser->blogtitle;
            $user->mail = $tmpuser->mail;
            $user->mode = $tmpuser->mode;
            $user->sort = $tmpuser->sort;
            $user->timezone = $tmpuser->timezoneoffset * 3600;
            $user->threshold = $tmpuser->threshold;
            $user->roles = array(); // delayed
            $user->comments_per_page = $user->data['comments_per_page'];
            user_module_invoke('load', $array, $user);
        }
        return $user;
    }
    else
    {
        return 0;
    }
    /* Original Function
    global $vboptions, $stylevar;
    // Dynamically compose a SQL query:
    $query = '';
    $user = new StdClass();
    $params = array();
    foreach ($array as $key => $value) {
        if ($key == 'uid') {
            $query .= "u.userid = %d ";
            $params[] = $value;
        }
        else if ($key == 'name'){
            $query .= "u.username = '%s' ";
            if ($vboptions['convert_to_utf']){
                $params[] = strtolower(undo_utf($value));
            }
            else {
                $params[] = strtolower($value);
            }
        }
    }
    $result = db_query_range("SELECT u.username, u.userid, u.mail, u.timezoneoffset, u.joindate, u.usergroupid, u.membergroupids,
        bl.theme, bl.blogtitle, bl.mode, bl.sort, bl.threshold, bl.data
        FROM {users} u
        LEFT JOIN {blogs} bl ON bl.uid = u.userid
        WHERE $query ", $params, 0, 1);
    if (db_num_rows($result)) {
        $tmpuser = db_fetch_object($result);
        $user->data = unserialize($tmpuser->data);
        $user->block = $user->data['block'];
        $user->name = $tmpuser->username;
        if ($vboptions['convert_to_utf']) {
            $user->name = drupal_convert_to_utf8($user->name, $stylevar['charset']);
            $user->nameutf = TRUE;
        }
        $user->uid = $tmpuser->userid;
        $user->created = $tmpuser->joindate;
        $user->membergroupids = $tmpuser->membergroupids;
        $user->theme = $tmpuser->theme;
        $user->blogtitle = $tmpuser->blogtitle;
        $user->mail = $tmpuser->mail;
        $user->mode = $tmpuser->mode;
        $user->sort = $tmpuser->sort;
        $user->timezone = $tmpuser->timezoneoffset * 3600;
        $user->threshold = $tmpuser->threshold;
        $user->roles = array(); // delayed
        $user->comments_per_page = $user->data['comments_per_page'];
        user_module_invoke('load', $array, $user);
    }
    return $user;*/
}
Pooka
03-27-2006, 07:52 PM
After two weeks this reworked code has created no problems. Thoughts on including it in the main code?
tamarian
03-27-2006, 09:14 PM
Pooka, I was enable to reproduce the problem. What did you change, and why do you think it fixed the problem?
Pooka
03-27-2006, 10:34 PM
Here's what is changed... (Read the comment text - both my function and the original are present)
function user_load($array = array())
{
    global $vboptions, $stylevar;
    $query = '';
    $user = new StdClass();
    $params = array();
    foreach ($array as $key => $value)
    {
        if ($key == 'uid' && !$value == 0) // Second part of this conditional - !$value == 0 - added.
        { //When the session cookie isn't passed the value is 0
            $query .= "u.userid = %d "; //but a username gets passed anyway. The user is then
            $params[] = $value; // "unverified" but loads anyway.
        }
        else if ($key == 'name' && !$value == '') // Second part of this conditional added. %s is the session var,
        { // No use checking it if user id has failed.
            $query .= "u.username = '". addslashes($value) ."'"; // Here add slashes added to protect against user names with ' characters
            if ($vboptions['convert_to_utf'])
            {
                $params[] = strtolower(undo_utf($value));
            }
            else
            {
                $params[] = strtolower($value);
            }
        }
    }
    if ($query) // Since it's possible to have no query when the user is anon it's necessary to guard against
    { // an invalid SQL of Where without a clause. Return 0 on this event.
        $user = new StdClass();
        $result = db_query_range("SELECT u.username, u.userid, u.mail, u.timezoneoffset, u.joindate, u.usergroupid, u.membergroupids,
            bl.theme, bl.blogtitle, bl.mode, bl.sort, bl.threshold, bl.data
            FROM {users} u
            LEFT JOIN {blogs} bl ON bl.uid = u.userid
            WHERE $query ", $params, 0, 1);
        if (db_num_rows($result))
        {
            $tmpuser = db_fetch_object($result);
            $user->data = unserialize($tmpuser->data);
            $user->block = $user->data['block'];
            $user->name = $tmpuser->username;
            if ($vboptions['convert_to_utf'])
            {
                $user->name = drupal_convert_to_utf8($user->name, $stylevar['charset']);
                $user->nameutf = TRUE;
            }
            $user->uid = $tmpuser->userid;
            $user->created = $tmpuser->joindate;
            $user->membergroupids = $tmpuser->membergroupids;
            $user->theme = $tmpuser->theme;
            $user->blogtitle = $tmpuser->blogtitle;
            $user->mail = $tmpuser->mail;
            $user->mode = $tmpuser->mode;
            $user->sort = $tmpuser->sort;
            $user->timezone = $tmpuser->timezoneoffset * 3600;
            $user->threshold = $tmpuser->threshold;
            $user->roles = array(); // delayed
            $user->comments_per_page = $user->data['comments_per_page'];
            user_module_invoke('load', $array, $user);
        }
        return $user;
    }
    else
    {
        return 0;
    }
    /* Original Function
    global $vboptions, $stylevar;
    // Dynamically compose a SQL query:
    $result = db_query_range("SELECT u.username, u.userid, u.mail, u.timezoneoffset, u.joindate, u.usergroupid, u.membergroupids,
        bl.theme, bl.blogtitle, bl.mode, bl.sort, bl.threshold, bl.data
        FROM {users} u
        LEFT JOIN {blogs} bl ON bl.uid = u.userid
        WHERE $query ", $params, 0, 1);
    if (db_num_rows($result)) {
        $tmpuser = db_fetch_object($result);
        $user->data = unserialize($tmpuser->data);
        $user->block = $user->data['block'];
        $user->name = $tmpuser->username;
        if ($vboptions['convert_to_utf']) {
            $user->name = drupal_convert_to_utf8($user->name, $stylevar['charset']);
            $user->nameutf = TRUE;
        }
        $user->uid = $tmpuser->userid;
        $user->created = $tmpuser->joindate;
        $user->membergroupids = $tmpuser->membergroupids;
        $user->theme = $tmpuser->theme;
        $user->blogtitle = $tmpuser->blogtitle;
        $user->mail = $tmpuser->mail;
        $user->mode = $tmpuser->mode;
        $user->sort = $tmpuser->sort;
        $user->timezone = $tmpuser->timezoneoffset * 3600;
        $user->threshold = $tmpuser->threshold;
        $user->roles = array(); // delayed
        $user->comments_per_page = $user->data['comments_per_page'];
        user_module_invoke('load', $array, $user);
    }
    return $user;*/
}
In brief though - it's been a few days since I plugged this but basically the user load function was occasionally missing the user.
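Added example, not part of the thread and not vbDrupal code: the lookup that the reworked user_load() above performs, written with bound parameters instead of addslashes() concatenation, with the conditions joined by AND and the same guard against an empty WHERE clause. It uses PDO with an in-memory SQLite database in place of Drupal's db_query_range(); build_user_where(), find_user(), the table layout and the sample rows are assumptions made for the illustration.

```php
<?php
// Added illustration; not the vbDrupal/Drupal user_load(). The table layout
// and sample rows are constructed. Requires the pdo_sqlite extension.

/**
 * Build the WHERE clause for a user lookup from the same kind of array
 * user_load() receives. Returns [sql, params], or null when no usable
 * criterion was supplied (anonymous visitor: uid 0, empty name).
 */
function build_user_where(array $criteria): ?array {
    $clauses = [];
    $params  = [];
    foreach ($criteria as $key => $value) {
        if ($key === 'uid' && (int) $value !== 0) {
            $clauses[] = 'u.userid = ?';
            $params[]  = (int) $value;
        } elseif ($key === 'name' && $value !== '') {
            // The value never enters the SQL text; only a placeholder does.
            $clauses[] = 'LOWER(u.username) = ?';
            $params[]  = strtolower((string) $value);
        }
    }
    if (!$clauses) {
        return null; // never emit "WHERE" with nothing after it
    }
    return [implode(' AND ', $clauses), $params];
}

function find_user(PDO $db, array $criteria): ?array {
    $where = build_user_where($criteria);
    if ($where === null) {
        return null;
    }
    [$sql, $params] = $where;
    $stmt = $db->prepare("SELECT u.userid, u.username FROM users u WHERE $sql LIMIT 1");
    $stmt->execute($params);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (userid INTEGER PRIMARY KEY, username TEXT)');
$db->exec("INSERT INTO users VALUES (2, 'Pooka'), (3, 'O''Brien')"); // constructed rows

var_dump(find_user($db, ['uid' => 0, 'name' => '']));        // session lost, no name
var_dump(find_user($db, ['uid' => 0, 'name' => "O'Brien"])); // name containing a quote
var_dump(find_user($db, ['uid' => 2, 'name' => 'Pooka']));   // both criteria supplied
```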