WP 2.1 – “you don’t have permission..”

Hmm… that’s odd. I wonder why there aren’t constants used in the code for that sort of thing… (I’m sure there’s a good reason, it just seems odd to me that they don’t define constants for things like that)

It’s weird, though, because in an installation on my local dev environment, it runs fine. But up on the server, it fails. Hmm… I think we should submit this as a bug, but I’m really having trouble getting enough information to help them reproduce it… :-/

Thoughts? I hate to submit a bad bug report, but my newb-quality is leaving me with little to check on…

-sean

If it wasn’t a new install I’d say it might be related to the things described in this post…

In fact I was wrong. Heh, when activated the K2 theme the things gone back problematic. In fact the whole headache is coming from the prototype. When K2 theme is activated it replaces the HTML header and makes the link to prototype.js to points the version coming with K2 theme. The one coming with WP2.1 is prototype 1.5.0_rc0 the one w/ K2 is 1.5.0

Dunno what’s the “Big” difference in the file, but with DEFAULT theme it works okay for me, and of course when using DEFAULT prototype.js.So, this post could help in some case, but in mine (where can’t administrate categories/delete posts) – it’s a no-no!

K2 is more than just a theme. It’s a whole other beast. I suggest taking over to the K2 forums for their assistance.

I was having the same issue and with the suggestion of prototype and themes really helped out. I copied the prototype.js from wp-includes/js/prototype.js in to the K2 prototype.js.php and everything worked fine.

Hmm… no solution yet, but I’m closer.

wp-icludes/pluggable.php answers the ajax requests as well, with the line in the method check_ajax_referer which is calling wp_login with the user and password taken from the cookie. wp_login calls get_userdatabylogin, passing in the username passed to it.

On my local machine, the username in $_POST[‘cookie’] is plaintext, and so do not cause get_userdatabylogin to fail. On the remote machine, though, it’s giving a hashed username, which then causes get_userdatabylogin to return false, which leads to the AJAX request failing in check_ajax_referer.

Is this the cause of everyone else’s problems? Maybe, but I don’t really know.

Do I have a fix? No. I have no idea why one system is using the hashed username and the other is not. However, I think I now have enough information to write up a good enough bug report, and to supply more information as the devs need it.

-sean

Well I think I found the problem (at least in my case). For some reason that I do not understand, instead of just using PHP’s $_COOKIE array, the code in check_ajax_referer is manually parsing the cookie values out from $_POST[‘cookie’]. I was so focused on the wp_login call, I was dumb and glanced right over that code.

It was fixable by replacing the code

  $cookie = explode('; ', urldecode(empty($_POST['cookie']) ? $_GET['cookie'] : $_POST['cookie'])); // AJAX scripts must pass cookie=document.cookie
  foreach ( $cookie as $tasty ) {
	  if ( false !== strpos($tasty, USER_COOKIE) )
			$user = substr(strstr($tasty, '='), 1);
		if ( false !== strpos($tasty, PASS_COOKIE) )
			$pass = substr(strstr($tasty, '='), 1);
	}

with simply

  $user = $_COOKIE[USER_COOKIE];
  $pass = $_COOKIE[PASS_COOKIE];

This is in wp-includes/pluggable.php, lines 244 through 251 (in the function check_ajax_referer). A warning, though: I’m not a WP Dev, or even a WP guru, so change at your own risk!

As for success, though – It worked for a few test cases that I could think of off the top of my head (adding other Administrators, deleting categories, deleting posts from the Manage page, etc). Those were the problems I was having, but it seems that this is a sporadic and problem that is pretty arbitrary… However, given that the way the manual parsing was done seems a bit unreliable, I think I could see this being the problem.

I will see about posting a bug report soon.

EDIT: I feel it important to state that I very well may have gotten this wrong, and that there’s a very good reason that code was the way it was – I cannot guarantee that the change I suggest is safe or at all a good idea. ??

I have tried seanwedig’s fix and seems to be working on my site aswell. Just beware seanwedig’s warnings ??

Thank you a thousand times, this was driving me crazy. I also tried to find the problem but got stuck. Especially since sometimes it worked just because I added a debug printout!?!?

It worked for me as well. And to say it again, heed the warnings.

I appreciate the effort

Thanks for solve my problem, it worked ??

I’m glad it’s fixing the problem for more people! ??

By the way, I went ahead and entered a bug report for this item – #3807. Hopefully it will either get fixed as I suggest, or (if I’m wrong), get fixed the “right” way.

-sean

YES!!! That fixed some of my problems, now if I can get PodPress to work with 2.1!

Thank you for this fix!!!!!

seanwedig: Actually, the use of _POST or _GET [‘cookie’] would be correct. Check out line 13 of wp-ajax-js.php.

Your suggested fix will only work in certain browsers. Some browsers do not send cookies for AJAX operations.

Ah. Yes, I was afraid of that. Thanks, Otto42, for the info.

Hm… it’s obviously not working in some browsers, though (for me in particular, it was FF 2 and IE6 for which I tested)… guess we need to dig deeper.

There’s definitely something wrong, but my solution is not ideal – it’s a dirty hack to make it work for some browsers. I’m certainly open to suggestions as to how to fix the manual parsing (instead of using the COOKIE array)… need to do more diagnosing…

-sean