[geeklog-devel] USER_addGroup VS SEC_addUserToGroup

Joe Mucchiello jmucchiello at yahoo.com
Thu Sep 15 11:34:42 EDT 2011

> I noticed two different functions for almost the same action.
> USER_addGroup : Add user to group if user does not belong to specified
> group (lib-user.php)
> SEC_addUserToGroup: Add user to a group (lib-security.php)
> Ben

Perfectly "logical" or at least explainable. The one in lib-user came first. Then someone decided to add a missing function to lib-security (if you read the comment, Trinity added it because it seemed like a good idea), not knowing about the one in lib-user because lib-user is only loaded by the user/profile pages, not by lib-common.

Harder to explain is the fact that copy in lib-security is used only once in the system (one would think the plugin autoinstall code must need such functionality) and worse is the copy in lib-user is not used anywhere at all.

Finally, the version in lib-security has no sanity checks, allowing duplicate grp_id, uid pairs to be put into the database. And for some reason the lib-user version doesn't allow anonymous users into groups.

There are lots of things like this in Geeklog, Ben. 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist8.pair.net/pipermail/geeklog-devel/attachments/20110915/fa49362a/attachment.html>

More information about the geeklog-devel mailing list