I recently added webserver auth to my drupal setup. On a clean install, the module works really well (great job - it was exactly what I needed!!). When I add webserver_auth to an existing setup I recieve the following error:

warning: array_keys() [function.array-keys]: The first argument should be an array in C:\Program Files\xampp\htdocs\modules\user.module on line 348.
warning: implode() [function.implode]: Bad arguments. in C:\Program Files\xampp\htdocs\modules\user.module on line 348.
user warning: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ')' at line 1 query: SELECT DISTINCT(p.perm) FROM role r INNER JOIN permission p ON p.rid = r.rid WHERE r.rid IN () in C:\Program Files\xampp\htdocs\includes\database.mysql.inc on line 120.

I'm using Apache 2.2 on a XP box to authenticate against an AD server. I'm using drupal and mysql. I'm also using taxonomy access and taxonomy...

CommentFileSizeAuthor
#1 webserver_auth_init.patch.txt1.8 KBjsloan
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

jsloan’s picture

This happens when you have user settings set to "Only site administrators can create new user accounts."

The reason for this is because webserver_auth uses the GLOBAL $user as a result for the call to user_external_load()

 // try to log into Drupal. if unsuccessful, register the user
 $user = user_external_load($account->name);

but if the user does not exist the function returns 0 and the GLOBAL $user object is set to equal 0.

Now that we have clobbered the $user object the function user_access() can't see the variable $account->roles and this is the cause of the error. (note: if $account is_null $account = $user)

proposed fix:
- change from $user to $webserver_auth_user = user_external_load()
if $webserver_auth_user is FALSE then create a new account if enabled and the $user object is recreated
ELSE assign $user = $webserver_auth_user

$user = user_external_load($account->name);
if (!$user) {
   // create new account code is here
else{
  $user = $webserver_auth_user;
}

This will fix the error you are seeing.

But this brings up a completely different problem.
From my investigation it seems that webserver_auth will auto-login only external accounts. So you can't use local created accounts! For this module to work you must have an account record in the authmap table.

I think that this is unnecessary and I think that user_load() should be used instead of user_external_load()

I also do not want every visitor to have an account created automatically so I recommend that an additional variable called "webserver_auth_create_user" be set to either TRUE or FALSE. This way I can allow users to create their own account manually and then they will auto-login when they return.

On our Intranet we use the LDAP_Integration module for authentication and upon the initial login the user account is created. This way NTLM authenticated users can remain anonymous visitors to some sites and join when they first login.

proposed changes:
- use user_load() instead of user_external_load()
- add system variable "webserver_auth_create_user" to settings
- add the test for "webserver_auth_create_user" when an unregistered user is found

$webserver_auth_user = user_load(array('name' => $account->name));
if (!$webserver_auth_user) {
  if (variable_get("user_register", 1) == 1 && variable_get("webserver_auth_create_user", 0)) {
    // create new account code is here
  }
else{
  $user = $webserver_auth_user;
} 

the attached patch will do all the proposed items when applied to Webserver Auth 4.7.0

comments and corrections are expected!

jsloan’s picture

... yes - the first code snippet was wrong, it should be like this:

$webserver_auth_user = user_external_load($account->name);
if (!$webserver_auth_user) {
  // create new account code is here
else{
  $user = $webserver_auth_user;
}
moshe weitzman’s picture

Status: Active » Closed (duplicate)

i believe this was just fixed today in a different issue.