[development] user_save() trying to create a duplicate user

Moshe Weitzman weitzman at tejasa.com
Tue Feb 5 15:05:09 UTC 2008


This is quite a dangerous operation. If you don't change back to the
original uid, whomever calls this page gets to be uid=1 on the next
request. There are many reasons why a page might not complete so you
have to defend against it. Thanksfully, core now makes this easy. Just
add a call to session_save_session(FALSE) before the user_load().
After you are done with your save operations, call
session_save_session(TRUE).

On Feb 5, 2008 9:33 AM, David Metzler <metzlerd at metzlerd.com> wrote:
>
> Here's an example from my CAS module.
>
>         // Become user 1 to be able to save profile information
>          $admin = array('uid'=> 1);
>          $user = user_load($admin);
>
> If you're operating as a normal user you'll want to save away the value of
> the current user, become admin , do your save stuff, then become the normal
> user again. Something like:
>
>    global $user;
>    $temp_user = $user;
>    $admin= array('uid' => 1);
>    $user = user_load($admin);
>
>    ... do some save stuff
>
>    $user = user_load($temp_user);
>
>
> This of course should only be used when you're trying to circumvent
> permissions checked by user_save() (do you have permissions to modify user
> roles for example).
>
> I thought there used to be code in cron.php to do this, but I think I may
> just be remembering wrong. Perhaps someone else on the dev list could answer
> the question of who the cron user executes as.
>
> As I said, not 100% sure this is your problem, but I do know you'll have
> problems having generic users sync up their roles unless you do this
> permissions escalation.
>
>
>
> On Feb 5, 2008, at 5:46 AM, Neil Goodman wrote:
> No, how do I go about transitioning to user 1 for the save operations?
>
> Right now I just call the function and I assume the permissions would be of
> whoever is using the module at the time. How do permissions get determined
> with things like hook_cron()?
>
> Neil Goodman
>
> On Feb 4, 2008 10:44 PM, David Metzler <metzlerd at metzlerd.com> wrote:
> >
> > Last time I ran into something close to this it was because of
> permissions.  Are you transitioning to user 1 for the save operations?
> >
> >
> > Might be completely off base.... but that's my experience.
> >
> >
> >
> >
> >
> >
> >
> >
> > On Feb 4, 2008, at 5:34 PM, Neil Goodman wrote:
> >
> > Hello,
> >
> > I'm currently trying to solve a bug report for my module
> (http://drupal.org/node/217639). rallycivic keeps getting a "__clone method
> called on non-object"  when he runs a function in my module. My module runs
> through a CiviCRM database and pulls out certain CiviCRM contacts that have
> membership status. The goal is to get this status synchronized to a Drupal
> role. There is a static method in the CiviCRM API called
> CRM_Core_BAO_UFMatch::getUFId(). This method will take a CiviCRM contact id
> and return its corresponding Drupal uid. I then take this list of uids and
> pass it to the user_multiple_role_edit() function. This function uses the
> user_save() function to apply role changes. I think that one of rallcivic's
> uids is causing an issue with this function. From reading the user_save()
> function's code I can see that it tries to create a new user if the uid
> doesn't exist. For some reason I think it is trying to do this on a valid
> uid, which throws a duplicate error that rallycivic has found in watchdog:
> >
> > "Location
> http://chelmsfordmc.co.uk/admin/settings/civimember_roles/manual_sync
> > Referrer
> http://chelmsfordmc.co.uk/admin/settings/civimember_roles/manual_sync
> > Message Duplicate entry '' for key 2 query: INSERT INTO users (uid,
> created, access) VALUES (404, 1202163268, 1202163268) in
> /home/chelmsf/public_html/includes/database.mysql.inc on line 172."
> >
> > Then the drupal_clone() function is called on a bogus object and throws
> the clone method error. At least, that is what I think is happening.
> >
> > Has anyone ran into a situation similar to this before?
> >
> > Neil Goodman
> >
> >
>
>
>


More information about the development mailing list