It's easier to reproduce and test if you just turn captcha off. One less thing to enter. Deleting the cookie after every try is annoying enough.
I could reproduce this in my forum and came up with a workaround, still I can't shake the feeling that this is just wrong in many ways. I found out that in newreply.php, $groupscache isn't set, and $mybb->user['usergroup'] isn't set, thus the group permission check fails (Linux 2.6.27, PHP 5.2.8, MySQL 5.0.72, Apache 2.2.10).
Here's the Patch. To apply manually, delete lines that begin with a single -, add lines that begin with a single + (with out the +- of course). Everything else is just context. The @@ is line numbers.
newthread.php may have the same issue, not tested.
--- Upload/inc/functions_user.php 2008-11-27 08:44:00.000000000 +0100
+++ mybb_1404.zip.dir/Upload/inc/functions_user.php 2008-12-20 01:16:05.857396541 +0100
@@ -52,7 +52,7 @@
{
global $db;
- $query = $db->simple_select("users", "uid,username,password,salt,loginkey,remember,coppauser", "username='".$db->escape_string($username)."'", array('limit' => 1));
+ $query = $db->simple_select("users", "uid", "username='".$db->escape_string($username)."'", array('limit' => 1));
$user = $db->fetch_array($query);
if(!$user['uid'])
{
@@ -81,7 +81,7 @@
}
if(!$user['password'])
{
- $query = $db->simple_select("users", "uid,username,password,salt,loginkey", "uid='".intval($uid)."'", array('limit' => 1));
+ $query = $db->simple_select("users", "uid,username,usergroup,password,salt,loginkey", "uid='".intval($uid)."'", array('limit' => 1));
$user = $db->fetch_array($query);
}
if(!$user['salt'])
@@ -575,4 +575,4 @@
return $lang->folder_untitled;
}
}
-?>
\ No newline at end of file
+?>
--- Upload/newreply.php 2008-11-27 08:45:20.000000000 +0100
+++ mybb_1404.zip.dir/Upload/newreply.php 2008-12-20 01:17:13.378396095 +0100
@@ -289,8 +289,16 @@
$username = $mybb->user['username'];
// Check if this user is allowed to post here
+ global $cache, $groupscache;
+
+ if(!is_array($groupscache))
+ {
+ $groupscache = $cache->read("usergroups");
+ }
+
$mybb->usergroup = &$groupscache[$mybb->user['usergroup']];
$forumpermissions = forum_permissions($fid);
+
if($forumpermissions['canview'] == 0 || $forumpermissions['canpostreplys'] == 0 || $mybb->user['suspendposting'] == 1)
{
error_no_permission();
@@ -1164,4 +1172,4 @@
eval("\$newreply = \"".$templates->get("newreply")."\";");
output_page($newreply);
}
-?>
\ No newline at end of file
+?>