When anonymous posters go to post advertisements on my ad board, they encounter an error at random. It's very hard to reproduce and I suspect it's happening at a 1/75 ratio, I've had perhaps 5 complaints of this but never knew what it was.
Here's the query:
SELECT * from mybb_moderators WHERE ((id in () AND isgroup='1') OR ( id='' AND isgroup='0')
It doesn't like the empty list in "id in ()".
Screenshot:
http://dl.dropbox.com/u/4261278/xexes_site_error.png
URL:
http://sunwolves.com/forumdisplay.php?fid=44
Test user account: guest / guest
I think it might be related to this :
http://dev.mybb.com/issues/1386
I'm not doing anything special anywhere, can you give me any advice here?
Update: Was able to reproduce this bug consistently by posting anonymously and pressing PREVIEW to preview my post.
I'm really baffled at what to do about this, disabling the PREVIEW button for guests seems inhumane.
Any possible work-arounds or solutions?
May I ask if you have modified some files or installed some plugins? I can't find that query in my copy of the 1.6.7 release.
Having an empty IN () part of a query will force MySQL to error. The syntax is incorrect.
Open ./inc/functions.php and in the get_moderator_permissions() function (around line 1403) find this:
// Get user groups
$perms = array();
$user = get_user($uid);
Change it to this:
// Get user groups
$perms = array();
$user = get_user($uid);
if(!$user['usergroup'])
{
return false;
}
And let me know if it works.
I didn't change those files, I know better than to mess with the core functions. I checked my version and it's myBB 1.6.6 . I know that I could update the version, but if I do so, I'll loose the support for all my 18 mods, since 1.6.7 is so new - and my site relies heavily on those mods, as we're an online RPG built on myBB as a framework. Upgrading is kind of a last resort because of that.
It didn't seem to help, same error.
Do I need to refresh my cache or myBB core or something?
Here's the function now:
/**
* Return the permissions for a moderator in a specific forum
*
* @param fid The forum ID
* @param uid The user ID to fetch permissions for (0 assumes current logged in user)
* @param string The parent list for the forum (if blank, will be fetched)
* @return array Array of moderator permissions for the specific forum
*/
function get_moderator_permissions($fid, $uid="0", $parentslist="")
{
global $mybb, $cache, $db;
static $modpermscache;
if($uid < 1)
{
$uid = $mybb->user['uid'];
}
if($uid == 0)
{
return false;
}
if(isset($modpermscache[$fid][$uid]))
{
return $modpermscache[$fid][$uid];
}
if(!$parentslist)
{
$parentslist = explode(',', get_parent_list($fid));
}
// Get user groups
$perms = array();
$user = get_user($uid);
//stop if it's a guest, there are no permissions
if(!$user['usergroup'])
{
return false;
}
$groups = array($user['usergroup']);
if(!empty($user['additionalgroups']))
{
$extra_groups = explode(",", $user['additionalgroups']);
foreach($extra_groups as $extra_group)
{
$groups[] = $extra_group;
}
}
$mod_cache = $cache->read("moderators");
foreach($mod_cache as $fid => $forum)
{
if(!is_array($forum) || !in_array($fid, $parentslist))
{
// No perms or we're not after this forum
continue;
}
// User settings override usergroup settings
if(is_array($forum['users'][$uid]))
{
$perm = $forum['users'][$uid];
foreach($perm as $action => $value)
{
if(strpos($action, "can") === false)
{
continue;
}
// Figure out the user permissions
if($value == 0)
{
// The user doesn't have permission to set this action
$perms[$action] = 0;
}
else
{
$perms[$action] = max($perm[$action], $perms[$action]);
}
}
}
foreach($groups as $group)
{
if(!is_array($forum['usergroups'][$group]))
{
// There are no permissions set for this group
continue;
}
$perm = $forum['usergroups'][$group];
foreach($perm as $action => $value)
{
if(strpos($action, "can") === false)
{
continue;
}
$perms[$action] = max($perm[$action], $perms[$action]);
}
}
}
$modpermscache[$fid][$uid] = $perms;
return $perms;
}
Thank you for your help.