[development] user_save() trying to create a duplicate user

David Metzler metzlerd at metzlerd.com
Wed Feb 6 06:04:11 UTC 2008 

Yes, thanks Moshe,  I will definitely include this technique in my  
modules.

Dave
On Feb 5, 2008, at 7:56 AM, Neil Goodman wrote:

> Thanks. Those suggestions are certainly helpful and I will try it  
> out tonight (thanks for the security tip Moshe). I think you are  
> right that permissions might be the problem.
>
> Does anyone else know what permissions cron is run under? It would  
> be nice if it ran under user 1 permissions, but I don't think this  
> is the case as this same problem is happening when my module runs  
> under cron. Can I use David's method of switching users in cron?  
> That seems counter-intuitive to me because I wouldn't think there  
> would be a user object for me to manipulate.
>
> Neil Goodman
>
> On Feb 5, 2008 9:05 AM, Moshe Weitzman <weitzman at tejasa.com> wrote:
> This is quite a dangerous operation. If you don't change back to the
> original uid, whomever calls this page gets to be uid=1 on the next
> request. There are many reasons why a page might not complete so you
> have to defend against it. Thanksfully, core now makes this easy. Just
> add a call to session_save_session(FALSE) before the user_load().
> After you are done with your save operations, call
> session_save_session(TRUE).
>
> On Feb 5, 2008 9:33 AM, David Metzler <metzlerd at metzlerd.com> wrote:
> >
> > Here's an example from my CAS module.
> >
> >         // Become user 1 to be able to save profile information
> >          $admin = array('uid'=> 1);
> >          $user = user_load($admin);
> >
> > If you're operating as a normal user you'll want to save away the  
> value of
> > the current user, become admin , do your save stuff, then become  
> the normal
> > user again. Something like:
> >
> >    global $user;
> >    $temp_user = $user;
> >    $admin= array('uid' => 1);
> >    $user = user_load($admin);
> >
> >    ... do some save stuff
> >
> >    $user = user_load($temp_user);
> >
> >
> > This of course should only be used when you're trying to circumvent
> > permissions checked by user_save() (do you have permissions to  
> modify user
> > roles for example).
> >
> > I thought there used to be code in cron.php to do this, but I  
> think I may
> > just be remembering wrong. Perhaps someone else on the dev list  
> could answer
> > the question of who the cron user executes as.
> >
> > As I said, not 100% sure this is your problem, but I do know  
> you'll have
> > problems having generic users sync up their roles unless you do this
> > permissions escalation.
> >
> >
> >
> > On Feb 5, 2008, at 5:46 AM, Neil Goodman wrote:
> > No, how do I go about transitioning to user 1 for the save  
> operations?
> >
> > Right now I just call the function and I assume the permissions  
> would be of
> > whoever is using the module at the time. How do permissions get  
> determined
> > with things like hook_cron()?
> >
> > Neil Goodman
> >
> > On Feb 4, 2008 10:44 PM, David Metzler <metzlerd at metzlerd.com>  
> wrote:
> > >
> > > Last time I ran into something close to this it was because of
> > permissions.  Are you transitioning to user 1 for the save  
> operations?
> > >
> > >
> > > Might be completely off base.... but that's my experience.
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > On Feb 4, 2008, at 5:34 PM, Neil Goodman wrote:
> > >
> > > Hello,
> > >
> > > I'm currently trying to solve a bug report for my module
> > (http://drupal.org/node/217639). rallycivic keeps getting a  
> "__clone method
> > called on non-object"  when he runs a function in my module. My  
> module runs
> > through a CiviCRM database and pulls out certain CiviCRM contacts  
> that have
> > membership status. The goal is to get this status synchronized to  
> a Drupal
> > role. There is a static method in the CiviCRM API called
> > CRM_Core_BAO_UFMatch::getUFId(). This method will take a CiviCRM  
> contact id
> > and return its corresponding Drupal uid. I then take this list of  
> uids and
> > pass it to the user_multiple_role_edit() function. This function  
> uses the
> > user_save() function to apply role changes. I think that one of  
> rallcivic's
> > uids is causing an issue with this function. From reading the  
> user_save()
> > function's code I can see that it tries to create a new user if  
> the uid
> > doesn't exist. For some reason I think it is trying to do this on  
> a valid
> > uid, which throws a duplicate error that rallycivic has found in  
> watchdog:
> > >
> > > "Location
> > http://chelmsfordmc.co.uk/admin/settings/civimember_roles/ 
> manual_sync
> > > Referrer
> > http://chelmsfordmc.co.uk/admin/settings/civimember_roles/ 
> manual_sync
> > > Message Duplicate entry '' for key 2 query: INSERT INTO users  
> (uid,
> > created, access) VALUES (404, 1202163268, 1202163268) in
> > /home/chelmsf/public_html/includes/database.mysql.inc on line 172."
> > >
> > > Then the drupal_clone() function is called on a bogus object  
> and throws
> > the clone method error. At least, that is what I think is happening.
> > >
> > > Has anyone ran into a situation similar to this before?
> > >
> > > Neil Goodman
> > >
> > >
> >
> >
> >
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/development/attachments/20080205/ae903b88/attachment-0001.htm

More information about the development mailing list