Make WordPress Core

Opened 10 years ago

Closed 9 years ago

#2378 closed defect (bug) (duplicate)

Multiple installs sharing a user table don't create usermeta caps for all installs

Reported by: ringmaster Owned by:
Milestone: Priority: normal
Severity: normal Version: 2.0.1
Component: Administration Keywords: has-patch
Focuses: Cc:


Assume two instances of WordPress are installed to the same database for the purpose of sharing a user table. Registering a user on one instance (using db prefix "wp_") creates both the the wp_users data and the wp_usermeta data for that user. The wp_usermeta data contains the user capabilites.

Although the user login and password will be found by the second instance, there will be no default usermeta present for that login, and so the user does not have enough capabilities to log in.

A potential solution involves setting the (wp_)capabilities metadata to the default for new users when the WP_User class attempts to load caps for that user and finds nothing. If there are no elements in the caps array, it is safe to assume that the user did not properly have his caps created, since the WP_User::set_role() implies that all users must have at least one role, and roles are stored as caps. If a user has no caps, then the user has no role, and should then be assigned the default role.

Attachments (1)

capabilities.diff (527 bytes) - added by ringmaster 10 years ago.
First fix attempt, doesn't seem to work, but provided for reference

Download all attachments as: .zip

Change History (9)

@ringmaster10 years ago

First fix attempt, doesn't seem to work, but provided for reference

comment:1 @davidhouse10 years ago

When you say they're sharing a user table, are they not sharing the usermeta table as well?

comment:2 @markjaquith10 years ago

  • Resolution set to invalid
  • Status changed from new to closed
  • Version changed from 1.2 to 2.0.1

Yeah, user table and usermeta table are pretty much a package deal. If you define one to be shared, the other should be shared as well.

comment:3 @ryan10 years ago

They share usermeta but they don't share the capabilities field due to a per-blog prefix on the field name. The same user doesn't necessarily have the same permissions on each blog. So, ringmaster's fix is needed.

comment:4 @davidhouse10 years ago

  • Keywords bg|has-patch added
  • Resolution invalid deleted
  • Status changed from closed to reopened

comment:5 @markjaquith10 years ago

I need this fixed, but don't have the time to investigate, so I'm putting a bug bounty. $10.00 USD if a satisfactory working patch is up by 2006-02-15 00:00:00 GMT, $5.00 USD after that. PayPal only. May the best patch win.

comment:6 @Denney10 years ago

I used the fix posted by ringmaster and it has worked perfectly. I set the 'CUSTOM_USER_TABLE' and 'CUSTOM_USER_META_TABLE' defines in wp-config.php like so:

define('CUSTOM_USER_TABLE', 'users');
define('CUSTOM_USER_META_TABLE', 'usermeta');

Added the couple lines of code from ringmasters fix into the capabilities.php file and it worked like a treat. I have also modified the installation file to allow for multiple installations using the same user database.

comment:7 @denney10 years ago

You can see my patch for this here:


comment:8 @Nazgul9 years ago

  • Keywords has-patch added; bg|has-patch removed
  • Resolution set to duplicate
  • Status changed from reopened to closed

Closing as duplicate of #2622

Note: See TracTickets for help on using tickets.