2008-11-08
og
When useacl is on and a user logs on he gets an "Access Denied", even if he has permissions.
The source of this problem seems to be the missing global $USERINFO, which is used by auth_aclcheck() to get the permissions of the user for the page.
Some time ago the session creation was done inside auth_login(), but is moved into an own function called auth_setCookie() now. Inside this function the $USERINFO is set and saved to the session, but the global-context is missing. So the session is correct but the current run does not contain the neccessary $USERINFO data, which results in an access denied.
To fix this, one should patch auth.php like:
--- auth.php.old 2008-11-08 11:00:39.000000000 +0100
+++ auth.php 2008-11-08 10:44:33.000000000 +0100
@@ -978,6 +978,7 @@
function auth_setCookie($user,$pass,$sticky) {
global $conf;
global $auth;
+ global $USERINFO;
$USERINFO = $auth->getUserData($user);