2007-02-17
perf
I can confirm this behaviour (tested on 2006-11-06, 2007-01-15 and on splitbrain.org which I assume runs the most recent dev version). It is not a caching issue AFAIK. Thought I filed my own bug report about this a few days ago, but now I can't find it, so here are the details again:
The problem is the following code in html_updateprofile():
if (empty($_POST['fullname'])) $_POST['fullname'] = $INFO['userinfo']['name'];
if (empty($_POST['email'])) $_POST['email'] = $INFO['userinfo']['mail'];
In auth_login() (the else clause for already logged in users), $INFO is initiated from the session:
$USERINFO = $session['info'];
However, $_SESSION is not updated in updateprofile(), and thus the email and fullename from the last login is always shown in the profile form (and every other possible place where $INFO is used).
The solution is not trivial. It is not possible to update $_SESSION in updateprofile() since the session is closed (in doku.php) before we get this far. I can see two possible solutions:
1. Use getUserData() in the else clause in auth_login() (or in html_updateprofile()) to initiate the values from the auth backend intstead of the session.
2. Keep the session open until the end of doku.php, and update the session variable at the end of updateprofile, like this:
$status = $auth->modifyUser($_SERVER['REMOTE_USER'], $changes);
if ($status) {
if ($changes['name']) $_SESSION[DOKU_COOKIE]['auth']['name'] = $changes['name'];
if ($changes['mail']) $_SESSION[DOKU_COOKIE]['auth']['mail'] = $changes['mail'];
}
return $status;
The FIXME comments in the code suggests that the second fix should be preferred. Any way, having user info both in the session and in the auth backend is a good ground for this kind of bugs, to it would be easier to maintain the code if this issue was resolved.