Authentication Issues After Upgrade To .13

Hello everyone,

I just updated from 1.1.12 to 1.1.13 and testing my website.

it seems to be working unless all is concerned about authentication.

When i login (tested multiple account) and try to request any action that check roles application return this stack error in log:




2013/01/11 22:36:21 [error] [php] Illegal string offset 'userId' (/Users/emware/Documents/Projects/windowhotel/source/framework/web/auth/CPhpAuthManager.php:73)

Stack trace:

#0 /Users/emware/Documents/Projects/windowhotel/source/framework/web/CBaseController.php(126): require()

#1 /Users/emware/Documents/Projects/windowhotel/source/framework/web/CBaseController.php(95): ProfileController->renderInternal()

#2 /Users/emware/Documents/Projects/windowhotel/source/framework/web/CController.php(784): ProfileController->renderFile()

#3 /Users/emware/Documents/Projects/windowhotel/source/protected/controllers/ProfileController.php(482): ProfileController->render()

#4 /Users/emware/Documents/Projects/windowhotel/source/framework/web/actions/CInlineAction.php(49): ProfileController->actionIndex()

#5 /Users/emware/Documents/Projects/windowhotel/source/framework/web/CController.php(308): CInlineAction->runWithParams()

#6 /Users/emware/Documents/Projects/windowhotel/source/framework/web/filters/CFilterChain.php(133): ProfileController->runAction()

#7 /Users/emware/Documents/Projects/windowhotel/source/framework/web/filters/CFilter.php(40): CFilterChain->run()

#8 /Users/emware/Documents/Projects/windowhotel/source/framework/web/CController.php(1145): CAccessControlFilter->filter()

#9 /Users/emware/Documents/Projects/windowhotel/source/framework/web/filters/CInlineFilter.php(58): ProfileController->filterAccessControl()

#10 /Users/emware/Documents/Projects/windowhotel/source/framework/web/filters/CFilterChain.php(130): CInlineFilter->filter()

#11 /Users/emware/Documents/Projects/windowhotel/source/framework/web/CController.php(291): CFilterChain->run()

#12 /Users/emware/Documents/Projects/windowhotel/source/framework/web/CController.php(265): ProfileController->runActionWithFilters()

#13 /Users/emware/Documents/Projects/windowhotel/source/framework/web/CWebApplication.php(282): ProfileController->run()

#14 /Users/emware/Documents/Projects/windowhotel/source/framework/web/CWebApplication.php(141): CWebApplication->runController()

#15 /Users/emware/Documents/Projects/windowhotel/source/framework/base/CApplication.php(169): CWebApplication->processRequest()

#16 /Users/emware/Documents/Projects/windowhotel/source/index.php(11): CWebApplication->run()

REQUEST_URI=/profile

I looked around the code to find a solution.

Site seems to be fixed if i edit the file CPhpAuthManager.php and initialize $userid = array();

Any suggestion to find out the right solution?

Thanks in advance

Emware.

I Just change CheckAccess("","") as checkaccess("",array("")) and it’s seems be ok

I know that this is an old post but I wanted to include a solution that worked for me.

PHP 5.4 caused the issue for me.

But here is the fix:

line 806 in CWebUser.php

From:


 $access=Yii::app()->getAuthManager()->checkAccess($operation,$this->getId(),$params);



To:


 $access=Yii::app()->getAuthManager()->checkAccess($operation,$this->getId(),$params=array());



If you notice in framework/web/auth/CPhpAuthManager.php

The function reads:

Note: It declares $params as an array (checkAccess($itemName,$userId,$params=array()))


   public function checkAccess($itemName,$userId,$params=array())

        {


                if(!isset($this->_items[$itemName]))

                        return false;

                $item=$this->_items[$itemName];

                Yii::trace('Checking permission "'.$item->getName().'"','system.web.auth.CPhpAuthManager');

                if(!isset($params['userId']))

                    $params['userId'] = $userID;

                if($this->executeBizRule($item->getBizRule(),$params,$item->getData()))

                {

                        if(in_array($itemName,$this->defaultRoles))

                                return true;

                        if(isset($this->_assignments[$userId][$itemName]))

                        {

                                $assignment=$this->_assignments[$userId][$itemName];

                                if($this->executeBizRule($assignment->getBizRule(),$params,$assignment->getData()))

                                        return true;

                        }

                        foreach($this->_children as $parentName=>$children)

                        {

                                if(isset($children[$itemName]) && $this->checkAccess($parentName,$userId,$params))

                                        return true;

                        }

                }

                return false;

        }



this is not a fix - after this modification the checkAccess $params parameter will always be an empty array!

small test:




function foo($arr = array(0)) {

  var_dump($arr);

}


$test_1 = array();

$test_2 = array(1);

$test_3 = array(1,2);


foo();                  // array(1) { [0]=> int(0) } 

foo($test_1);           // array(0) { }

foo($test_2);           // array(1) { [0]=> int(1) } 

foo($test_3);           // array(2) { [0]=> int(1) [1]=> int(2) } 

foo($test_1=array());   // array(0) { }

foo($test_2=array());   // array(0) { }

foo($test_3=array());   // array(0) { }