Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
[F] Guest posting bug [R] [C-Michael83]
#31
Yeah, done all that... if it only happened on one forum I'd just forget it, but it happens on my live forum, localhost test forum right after being reinstalled, and also someone else's forum, where I first discovered it.

Just a bit frustrating that it only seems to me me... Undecided
MyReactions - All Plugins

Can you still feel the butterflies?

Free never tasted like pudding.
#32
We'll figure it out Rolleyes

Just leave this thread alone for now
#33
This user has been denied support. This user has been denied support.
It's easier to reproduce and test if you just turn captcha off. One less thing to enter. Deleting the cookie after every try is annoying enough.

I could reproduce this in my forum and came up with a workaround, still I can't shake the feeling that this is just wrong in many ways. I found out that in newreply.php, $groupscache isn't set, and $mybb->user['usergroup'] isn't set, thus the group permission check fails (Linux 2.6.27, PHP 5.2.8, MySQL 5.0.72, Apache 2.2.10).

Here's the Patch. To apply manually, delete lines that begin with a single -, add lines that begin with a single + (with out the +- of course). Everything else is just context. The @@ is line numbers.

newthread.php may have the same issue, not tested.

--- Upload/inc/functions_user.php	2008-11-27 08:44:00.000000000 +0100
+++ mybb_1404.zip.dir/Upload/inc/functions_user.php	2008-12-20 01:16:05.857396541 +0100
@@ -52,7 +52,7 @@
 {
 	global $db;
 	
-	$query = $db->simple_select("users", "uid,username,password,salt,loginkey,remember,coppauser", "username='".$db->escape_string($username)."'", array('limit' => 1));
+	$query = $db->simple_select("users", "uid", "username='".$db->escape_string($username)."'", array('limit' => 1));
 	$user = $db->fetch_array($query);
 	if(!$user['uid'])
 	{
@@ -81,7 +81,7 @@
 	}
 	if(!$user['password'])
 	{
-		$query = $db->simple_select("users", "uid,username,password,salt,loginkey", "uid='".intval($uid)."'", array('limit' => 1));
+		$query = $db->simple_select("users", "uid,username,usergroup,password,salt,loginkey", "uid='".intval($uid)."'", array('limit' => 1));
 		$user = $db->fetch_array($query);
 	}
 	if(!$user['salt'])
@@ -575,4 +575,4 @@
 			return $lang->folder_untitled;
 	}
 }
-?>
\ No newline at end of file
+?>

--- Upload/newreply.php	2008-11-27 08:45:20.000000000 +0100
+++ mybb_1404.zip.dir/Upload/newreply.php	2008-12-20 01:17:13.378396095 +0100
@@ -289,8 +289,16 @@
 			$username = $mybb->user['username'];
 			
 			// Check if this user is allowed to post here
+			global $cache, $groupscache;
+
+			if(!is_array($groupscache))
+			{
+				$groupscache = $cache->read("usergroups");
+			}
+
 			$mybb->usergroup = &$groupscache[$mybb->user['usergroup']];
 			$forumpermissions = forum_permissions($fid);
+
 			if($forumpermissions['canview'] == 0 || $forumpermissions['canpostreplys'] == 0 || $mybb->user['suspendposting'] == 1)
 			{
 				error_no_permission();
@@ -1164,4 +1172,4 @@
 	eval("\$newreply = \"".$templates->get("newreply")."\";");
 	output_page($newreply);
 }
-?>
\ No newline at end of file
+?>
#34
I don't think your fix is correct because $groupscache is loaded fine for me and you don't need to globalize anything unless your within a function.

I think the problem is, when you log in you are usually redirected via a friendly redirect. Because of the way MyBB executes it does this (it's cut-down a bit):
1) Initialize MyBB session stuff (we're a guest at this point)
2) Run the scripts (so if we're logging in, it'll do a check, we're still a guest at this point)
3) If we're good to go, we're sent with a redirect message (We're still a guest at this point)
4) New apache call, Initialize MyBB session stuff (now we're logged in)

But with the new reply it does this:
1) Initialize MyBB session stuff (we're a guest at this point)
2) Run the scripts (so if we're logging in, it'll do a check, we're still a guest at this point)
3) If we're good to go, it continues (We're still a guest at this point)

So we either need to change the "order" of MyBB initialization process (which, as far as I am concerned is out of the question) or do some sort of redirect. Any other workaround would act as a temporary hack until a real fix is in place.

So basically, all your fix does is a force reload of the usergroups cache once it's logged in, but it will still show the user as not logged in when the post is submitted on the thread reply.

Edit: Now that I think about it again, we are a bit lucky in this case. We already have in place a redirect between the reply page and the actual showthread page. So I guess in this case a simple force-reload (aka clean select) of the usergroup will work

Ryan
#35
Thank you for your bug report.

This bug has been fixed in our internal code repository. Please note that the problem will not be fixed here until these forums are updated.

With regards,
MyBB Group


Forum Jump:


Users browsing this thread: 1 Guest(s)