[Mediawiki-l] AuthPlugin always fails with fatalerroron initialauthentication

Mon May 2 15:40:11 UTC 2005

> -----Original Message-----
> From: mediawiki-l-bounces at Wikimedia.org
> [mailto:mediawiki-l-bounces at Wikimedia.org]On Behalf Of Carlton B
> Sent: Saturday, April 30, 2005 9:50 AM
> To: MediaWiki announcements and site admin list
> Subject: RE: [Mediawiki-l] AuthPlugin always fails with fatalerroron
> initialauthentication
>
> > -----Original Message-----
> > From: mediawiki-l-bounces at Wikimedia.org
> > [mailto:mediawiki-l-bounces at Wikimedia.org]On Behalf Of Brion Vibber
> > Sent: Saturday, April 30, 2005 6:08 AM
> > To: MediaWiki announcements and site admin list
> > Subject: Re: [Mediawiki-l] AuthPlugin always fails with fatal
> > erroron initialauthentication
> >
> >
> > Carlton B wrote:
> > >>It doesn't look like that should be possible, though, unless your
> > >>plugin's initUser method (which is called from LoginForm's to
> optionally
> > >>modify the user object before it's saved) looks something like this:
> > >>
> > >>   function initUser( &$u ) {
> > >>     $u = 'This will break';
> > >>   }
> > >>
> > >>If you're modifying the user object in that method, make sure
> you're not
> > >>replacing it with a non-object.
> > >
> > >
> > > Actually I didn't override this method at all.  However,
> looking at the
> > > code, that is precisely the problem.    SpecialUserlogin.php requires
> > > initUser() to return a reference to the user object.
> >
> > No, I checked this carefully when trying to reproduce your problem (and
> > successfully doing it only with the above code) -- it requires
> > **LoginForm::initUser** to return a reference. **AuthPlugin::initUser**
> > is a different function and doesn't return anything, and its return
> > value if any is never used.
>

I revisited this because it was bothering me not to know, and I think I
arrived at a solution.  After looking at the code some more, I found that
the reference to the user object was intact both before and in the call to
**LoginForm::initUser**, but was hosed afterward.  This was even if I
commented out all references to **AuthPlugin::initUser**.   At that point I
was back to the theory of generic "PHP4 does a bad job with references" and
then I thought, we can avoid this can't we?  Why does
**LoginForm::initUser** need to return a reference at all?   If you've
passed it a reference, you're operating on the copy external to the
function's scope.  So why do you need to return it and capture that value?
It's totally spurious and we could reduce our exposure to reference
mishandling by removing it.

Thus, I simply amended line 264 of SpecialUserlogin.php from this:
$u =& $this->initUser( $u );
to this:
$u = $this->initUser( $u );

And since you're passing in the value by reference, I figured we could even
do this (still on 264):
$this->initUser( $u );

Both of those solutions work repeatably, without any odd workarounds.  So I
think I'll leave it that way.

I will be glad when we can put PHP 4 behind us...

-Carlton