Support » Plugins » Hacks » Roles and Capabilities, hacked user management — can't find problem

  • Resolved chrismichaels84


    This is kinda long and complex puzzle, but I feel I need to explain the context before the problem. I’d really appreciate some fresh eyes.

    I am running a multisite wordpress install side-by-side with an Elgg installation. In order for them to share the same users (and user system), I have hacked my wordpress with a series of plugins. First, I made a DB dropin to intercept any queries for wp_users and query the Elgg table instead. Second, I took over the pluggable functions for user_meta (get, add, etc.). Third, I hacked the login functions so that when I log into Elgg, it logs the user into wordpress. All this works well.

    The issue comes when I’m trying to add new users. It first creates the user in Elgg (takes care of wp_user) stuff. Next, I run wpmu_signup_user() and wpmu_activate_signup(). I hacked wp_insert_user to pull the id from the Elgg table and not to insert the data into the wp_user table. This works fine. All the data shows up in the database.

    However, when I log into a newly created user with the role of administrator, the frontend shows me the topbar with admin privileges. When I try to go to the dashboard, I get an “insufficient permissions” die() error. Any admins I created before I started hacking work fine. I traced the die() error backwards and believe the problem is somewhere in the capabilities. When I set_role() it does what it is supposed to, but when the new user is created by WP_User to read the capabilites it loads empty fields for capabilities and roles and whatnot. Actually, I don’t think it’s loading any metadata.

    I have looked through the capabilities file and am stumped. I can’t find where the construction is querying the wp_usermeta table so I can intercept it.

    I’d be happy to show any code needed.


Viewing 2 replies - 1 through 2 (of 2 total)
  • Moderator bcworkz


    You can’t find it because the table isn’t queried with a dashboard load. The capability check uses a cached user object in the global $current_user. The object has a method that reports if it’s user has a particular capability. The capabilities are loaded into the object when a user logs in. For some reason, the capabilities are not getting loaded into this object. Your best recourse is to determine why this is not happening and fix it. The only other reasonable action would be to patch the $current_user object so it contains the proper capabilities.

    Thank you, I reworked the login feature and figured it out. You are great.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Roles and Capabilities, hacked user management — can't find problem’ is closed to new replies.