OK, I have a problem with a 4.7.0-beta2 site which in essence is this:
1) Users cannot change passwords
2) Administrator cannot change password
3) Editing users results in ALL roles being selected
This is practically a default site - almost nothing has been changed and the problem has me completely flummoxed. I have re-installed the site and monitored the entire process and have even tried rolling back when the error occured but to no avail.
I am so keen to get this problem resolved that I am willing to give administrator access to help solve it. The site is currently on www.v-community.co.uk and you can log in and create yourself a new account if you want to in order to test that this is true and, if you can help with the problem, please contact me for the Administrator password.
I have also 'blogged' the entire routine that I followed in setting this site up and getting to the point where the problem reoccured. You can read the blog here.
I think this is a relatively easy problem for people to encounter so perhaps the urgency is greater than just my own little site. All help is greatly appreciated.
Regards
Patrick
Comment | File | Size | Author |
---|---|---|---|
#31 | user.module_60.patch | 503 bytes | Jax |
#21 | user_edit_3.patch | 9.64 KB | chx |
#19 | user_password_0.patch | 9.53 KB | hunmonk |
#16 | user_password.patch | 7.46 KB | hunmonk |
#11 | user_submit.patch | 3.89 KB | chx |
Comments
Comment #1
Patrick Nelson CreditAttribution: Patrick Nelson commentedAll bets are off. I've found the problem and it is in version 1.543 of the user module.
This update breaks the system in the following way:
1) It is impossible to change the password (either as user 1 or as the user whose password it is)
2) Changing roles results in all roles being selected for that user.
At least, this is the result of this update on my version of beta-2 which is pretty much a standard install.
Does anyone else have this problem?
Comment #2
eaton CreditAttribution: eaton commentedI'm seeing it on a fresh install from HEAD as well.
Comment #3
eaton CreditAttribution: eaton commentedDoing some investigation, also changing the title to reflect the nature of the problem
Comment #4
puregin CreditAttribution: puregin commentedCould you provide more detail:
Which version of PHP?
What is the behaviour that you're seeing? "users cannot change passwords" is not very descriptive - what steps must I follow to duplicate this behaviour? Alternatively, step by step, what did you do, what did you expect to see/experience, what did you in fact experience.
Could this be a duplicate of: http://drupal.org/node/40384
Thanks, Djun
Comment #5
eaton CreditAttribution: eaton commentedRunning today's HEAD, with a fresh database, on a Site5 server with PHP Version 4.4.0 and MySQL 4.0.25.
Create the first account, get the auto-generated password. Log in. Go to user/edit/1 and change the password. Save.
Log out, then log in with the new password -- username/password not recognized. Reset the password, get the reset email, log in using the one-time key, change the password -- same story.
Then, go back and try to log in using the original randomly generated password from account creation -- success!
Have to investigate the issue with roles, I've only seen the password issue personally.
Comment #6
Patrick Nelson CreditAttribution: Patrick Nelson commentedpuregin,
I appreciate that "users cannot change passwords" is 'not very descriptive', as you put it, but if you read the whole of the first post, you will see a link to a blog which describes the whole process that I took which I think IS descriptive.
Comment #7
puregin CreditAttribution: puregin commentedAs a developer interested in fixing bugs, I like to see what I need to know about a bug in the issue that people file, IN ONE PLACE. Don't make me chase through half a dozen replies, and blogs on this or that server. It's a nice way to promote your blog, but not helpful to people trying to fix bugs.
Please read the guidelines for submitting issues at
http://drupal.org/node/317 and http://drupal.org/node/19279.
Thank you
Comment #8
chx CreditAttribution: chx commentedThere was a user edit form submit model conversion. It's rather trivial to see that this issue means that function user_edit_submit is botched. Let me see...
Comment #9
chx CreditAttribution: chx commentedhttp://drupal.org/node/39179 now fixes the role checkboxes problem.
Password, however reveals a much deeper problem. hook_user needs a 'submit' op, much like hook_nodeapi needed. validate validates, submit changes. The two are mixed. I do not have the time to rearrange _user_edit_validate accordingly (and put a caller line into user_user). However, it should be quite clear what's needed now.
Comment #10
Patrick Nelson CreditAttribution: Patrick Nelson commentedPuregin,
As a developer interested in fixing bugs, I like to see what I need to know about a bug in the issue that people file, IN ONE PLACE. - That's why I put in my first post, "I have also 'blogged' the entire routine". If you took a couple of seconds to click the link, you would have seen that. If you also took those couple of seconds instead of jumping to conclusions about what the blog contained, you would find that it is not a "nice way to promote your (my) blog because that is not MY blog - I put it up there because I was trying to be helpful.
I will read the guidelines that you suggested, thank you very much for pointing them out, because I AM trying to be "helpful to people trying to fix bugs" as asked for of the entire community here. If some of the developers wonder why more people haven't got involved and are helping, perhaps it has something to do with receiving rudeness and ignorance and getting their heads bitten off by people with a "holier than thou" attitude whenever they do.
To Eaton and chx, thank you for trying to help and I apologise if I didn't explain things clearly enough in my first post.
Comment #11
chx CreditAttribution: chx commentedRoles work. Passwords do not. I am pretty sure you would have problems with pictures too.
Comment #12
chx CreditAttribution: chx commentedI mean deleting pictures -- previously, validate unset them. Now you need to unset them in submit.
Comment #13
chx CreditAttribution: chx commentedGordon reports , and he is right that pass1 and pass2 needs to be elements of the forms array. Something like
Comment #14
alexis CreditAttribution: alexis commentedHi, any update on this?
Comment #15
chx CreditAttribution: chx commentedAfter talking with Dries, we agreed it's better if I finish.
Comment #16
hunmonk CreditAttribution: hunmonk commentedchx: hope i'm not stepping on your toes here, but this bug has been outstanding for awhile, and it's fairly serious--so i took a crack at a solution. attached patch integrates your previous patch, and creates a new 'password_confirm' form element so that the password fields get properly built in the form api code. also, the validation code was broken for users trying to register for new accounts, so i fixed that up. lemme know if there's anything else that needs done to get this in.
Comment #17
hunmonk CreditAttribution: hunmonk commentedComment #18
eaton CreditAttribution: eaton commentedPassword and role changes are now working (Yay!) but it's now impossible to change ANY field if pass1 and pass2 aren't entered. That means that an admin cannot add new roles without altering a user's password...
Comment #19
hunmonk CreditAttribution: hunmonk commentedeaton: indeed. i caught that shortly afterwards. now, six hours later, i think i've finally got things squared away. please test! i revamped the password_confirm form element, and moved all of the relevant form processing behavior into the element itself--much nicer :) now if you want a password_confirm form element, you just:
$form['name_of_element'] = array('#type' => 'password_confirm');
and that's it. as long as the passwords properly validate, you'll end up with:
$form_values['name_of_element'] at your disposal... :)
you even have the option of making the password_confirm element required or not, and any module can use it, since it's now a system form element.
i also temporarily fixed the user picture uploads. somebody needs to properly abstract that portion of the code, but i feel that's a seperate issue to be filed. please, let's get this committed if it tests out ok--it's been broken in HEAD for 11 days now--not good... :)
Comment #20
eaton CreditAttribution: eaton commentedRole changes are working, user pictures are working, password changes are working, and password reset emails are working. The password-confirm form element is a great re-usable element, too. Definite +1.
Comment #21
chx CreditAttribution: chx commentedChad, you are FANTASTIC! I changed the following:
Otherwise, you are the man.
Comment #22
gordon CreditAttribution: gordon commentedThis is great, +1 please commit ASAP.
Comment #23
eaton CreditAttribution: eaton commentedJust tested it on my install as well. Everything's good to go. +1
Comment #24
Dries CreditAttribution: Dries commentedCommitted to HEAD. Thanks.
Comment #25
(not verified) CreditAttribution: commentedComment #26
ax CreditAttribution: ax commentedthis patch adds a new op 'submit' to hook_user and should be documented at http://api.drupal.org/api/4.7/function/hook_user (and HEAD) and possibly Converting 4.6 modules to 4.7. marking ACTIVE until this is fixed. see also bug update documentation for hook_user, op 'submit'.
Comment #27
Darren OhComment #28
magico CreditAttribution: magico commentedComment #29
Jax CreditAttribution: Jax commentedThere is something missing in the patch. I was trying to update my birthday module to 4.7 and noticed somthing weird.
In hook_user I need to update 1 field and at the end I do
like instructed in the documentation. But afterwards the user_save() overwrites my value. A workaround was to do:
But that is not what the documentation says.
So a solution would be to change user_save() to:
So please explain if I should use unset or if the user.module should be patched? Or should the custom user fields be removed in the user_register_submit?
I know that usually extra user fields are added through profile but in this case it is not possible. Moreover, shouldn't it be possible to add user fields?
Comment #30
Jax CreditAttribution: Jax commentedComment #31
Jax CreditAttribution: Jax commentedPatch implements my proposed solution. Maybe I should start a new thread for this issue?
Comment #32
Jax CreditAttribution: Jax commentedComment #33
Darren OhIt would be best to open a new issue, since the original patch has already been committed. This issue was only re-opened to point out the need to document the change that had been made.
Comment #34
Jax CreditAttribution: Jax commentedOk. Created new issue and resetting the status of this one to what it was before I started fiddling with it.
http://drupal.org/node/85094
Comment #35
Darren OhPatch committed. Documentation request is a duplicate of issue 77459.