Posted by oadaeh on February 1, 2007 at 6:03pm
Jump to:
| Project: | Sql authentication |
| Component: | sql_auth_update |
| Category: | feature request |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | postponed (maintainer needs more info) |
Issue Summary
I'm not sure this is not really a feature request yet. I'm curious as to why the decision was made to only allow insertion into remote databases if the site is set to allow anyone to sign up? I couldn't find any documentation on the issue, and it doesn't make any sense to me why that limitation exists. I have a private site where the only person allowed to create accounts is the administrator, and it took me a while to figure out why I was having seemingly odd behavior. After commenting out that check, I was able to successfully complete the task I was trying to accomplish.
Comments
#1
I don't know what you mean, Ive read trough the code three times, but could not locate the test you mention.
would you be so kind as to provide that information?
#2
Sorry about that. It is obscure and took me quite a while to figure it out.
In sql_auth_update.module, starting at line 24 is the following:
/* recall:* 0 only site admins
* 1 everyone
* 2 approval necessary
*/
if (variable_get('user_register', 1) == 1) {
As I'm sure you already know, the user_register variable corresponds to the "Public registrations:" setting on the admin/settings/user (v. 4.7.x) page. On my site, that is set to "Only site administrators can create new user accounts." (or 0), which means when a user administrator creates a new account, only the Drupal database gets updated. When I commented out line 29 (and the related closing brace line) the remote database started getting updated as well.
So, I was curious of that was really necessary or not. Maybe there's another issue that I'm not aware of that requires it's presence.
#3
««So, I was curious of that was really necessary or not. Maybe there's another issue that I'm not aware of that requires it's presence.»»
Yes, the thought is as follows:
If you have '0 only site admins' set, you never. Ever. want people to register on your site. With your hack, if I am not completely mistaken, people can now register and log in, without you, the admin, doing anything.
#4
Hmm, okay, I will test that out and see if it is true.