Ticket #427 (reopened defect)

Opened 10 months ago

Last modified 6 months ago

Main wp-login.php not working for users other than site admin

Reported by: moorezilla Assigned to: donncha
Priority: normal Milestone: WPMU 2.0
Component: component1 Version: 2.0
Severity: major Keywords:
Cc:

Description

I recently upgraded to mu 1.2.5a from 1.2.4 and now I have a problem that may be a bug. My overall site admin account works fine, but all other users cannot login from "/sites/wp-login.php". They can only login from "/sites/username/wp-login.php".

If they try to login from "/sites/wp-login.php" they get redirected to "/sites/wp-admin/profile.php" and the page fires a "You do not have sufficient permissions to access this page" warning.

I run ubuntu feisty, php5.x, apache2.x, and mysql5.x and I've never had this problem before upgrading to mu 1.2.5a. I'm not completely sure that the upgrade caused the error, because I run mu for a small school and no one complained until today, but it definitely worked fine for me at 1.2.4 and I really haven't done anything of note recently other than upgrading to 1.2.5a. My mu uses subdirectories rather than subdomains.

This issue is mentioned in the forums, but there doesn't seem to be an available fix.

Attachments

pb_permission.patch (3.0 kB) - added by momo360modena on 10/18/07 20:13:11.

Change History

09/22/07 18:15:55 changed by lunabyte

As a note, this does not appear to affect subdomain installs.

10/17/07 14:43:12 changed by donncha

  • owner changed from somebody to donncha.
  • status changed from new to assigned.

I couldn't reproduce this with a fresh 1.2.5a install unfortunately.

Can you check the sitemeta table? Look for the "primary_blog" records. Are the corresponding values all 1? If so, you could try change them to the blog_id's of their blogs. That may help.

10/17/07 17:35:25 changed by donncha

Try revert wp-login.php to the previous version. This could be a problem with a new redirect command.

10/18/07 20:08:49 changed by momo360modena

In fact.

The problem: When an admin delete an user from a blog. capatibilites are deleted but not primary blog.

See patch for fixes.

A user without blog, will added in first blog and he is redirect

10/18/07 20:13:11 changed by momo360modena

  • attachment pb_permission.patch added.

10/22/07 17:17:15 changed by donncha

  • status changed from assigned to closed.
  • resolution set to fixed.

Thanks momo360modena, applied this in [1120], looks good!

10/31/07 16:50:17 changed by moorezilla

  • status changed from closed to reopened.
  • resolution deleted.

This problem still occurs after upgrade to 1.3. Was this patch applied to 1.3 code?

10/31/07 17:47:24 changed by momo360modena

Here: trunk/wp-admin/menu.php

You have always a blank page ?

11/02/07 23:36:45 changed by moorezilla

Not a blank page. Users other than the site admin are not redirected to their subdirectory, so they fire a "you don't have sufficient permissions" error. For example, user moore should be forwarded to /sites/moore/wp-login.php, but instead stays at /sites/wp-login.php.

11/08/07 21:27:26 changed by drmiketemp

  • version set to 2.0.
  • milestone set to WPMU 2.0.

We're seeing the same issue with users who log in and aren't assigned a blog. Workaround for us is to add them into a "dashboard" blog or the main blog as a subscriber so they have somewhere to log into.

Could have sworn that the code did this now though. I remember a fix for this a few versions ago.

11/16/07 11:40:16 changed by donncha

  • status changed from reopened to closed.
  • resolution set to fixed.

Fixed in [1152] - adding user to blog when they're created from the backend, and the redirect code now adds the user too if they don't have any blogs.

11/20/07 00:04:19 changed by moorezilla

  • status changed from closed to reopened.
  • resolution deleted.

I applied the changes at 1152, but it still doesn't work for me. Now, when users try to login at http://url/wp-login.php, they are redirected to http://wp-login.php instead of http://url/user/

My installations uses sub directories, rather than subdomains. I'm not sure if that's the issue. Also, I tried the fix and tested it with existing users. I'm not sure if this fix only works with blogs created after the fix was applied.

11/21/07 12:41:17 changed by donncha

Is it when they click on the wp-login.php link they are sent to http://wp-login.php or is it after the click "Login"? Check the form action element, and dump the $current_blog object to a file with the command: error_log( print_r( $current_blog, 1 ), 3, "/tmp/err.txt" );

Put that before the login form in wp-login.php and check /tmp/err.txt when the error happens again.

11/23/07 12:28:55 changed by moorezilla

It's when they click "login." I added the line above and it created this in /tmp/err.txt when I tried to login with a regular (rather than the admin) user:

stdClass Object (

[blog_id] => 1 [site_id] => 1 [domain] => chs.chelseaschools.com [path] => /sites/ [registered] => 2007-01-10 09:45:55 [last_updated] => 2007-05-30 08:42:42 [public] => 0 [archived] => 0 [mature] => 0 [spam] => 0 [deleted] => 0 [lang_id] => 0

)

11/23/07 12:32:23 changed by moorezilla

Also, the address bar went from http://chs.chelseaschools.com/sites/wp-login.php to http://wp-admin/ as soon as login was pressed using a regular account user BUT the admin user still works fine and logs into the dashboard fine even using the wp-login.php form.

02/01/08 19:01:01 changed by wep

Is Basic, I am install, wpmu 1.2.5a and new wordpress mu 1.3.2 with sub directories, first in wp-config-sample change wp_ prefix to 1a66z_ ( $table_prefix = '1a66z_'; ) and install from domain.com correctly but the problem is what one user create account and when login from domain.com/newblog/wp-login.php nice all good , but login from domain.com/wp-login.php redirect to domain.com/wp-admin/profile.php, because change of prefix, my solution: install with table prefix wp_ and resolute problem, now login work in front page for users and admin, now redirect fine.

the problem happens when change the table prefix wp_

02/01/08 19:53:40 changed by lunabyte

I don't agree with your solution.

A user shouldn't be forced to have wp_ as their table prefix.

While it's not easy to change, it can be changed if you know what you are doing. Therefore, logins should work as expected. Whether logging in from the main site or a users site, whether in subdomain or subdirectory mode, whether you use wp_ or something_else_ as your table prefix, the user when they are logged in (by default) should be taken to their dashboard, on their blog.

Users without a blog should be directed to the blog they have access to (1 by default, although an option in site settings would be nice).