Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-24699

update_user_record function does not specify mnethostid when updating the user table

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 1.9.8
    • 1.9.11, 2.0
    • Authentication
    • None
    • MySQL
    • MOODLE_19_STABLE
    • MOODLE_19_STABLE, MOODLE_20_STABLE

    Description

      Most of our users log in with external (Shibboleth) authentication. A lot of these queries show up in our MySQL slow query log.

      Count: 2  Time=1.00s (2s)  Lock=0.00s (0s)  Rows=0.0 (0), moodle[moodle]@localhost
       UPDATE mdl_user SET firstname = 'FIRST' WHERE username = 'user1@institution.edu'
       
      Count: 1  Time=1.00s (1s)  Lock=0.00s (0s)  Rows=0.0 (0), moodle[moodle]@localhost
       UPDATE mdl_user SET lastname = 'LAST' WHERE username = 'user2@institution.edu'
       
      Count: 1  Time=1.00s (1s)  Lock=0.00s (0s)  Rows=0.0 (0), moodle[moodle]@localhost
       UPDATE mdl_user SET email = 'user3@institution.edu' WHERE username = 'user3@institution.edu'
       
      Count: 2  Time=1.00s (2s)  Lock=0.00s (0s)  Rows=0.0 (0), moodle[moodle]@localhost
       UPDATE mdl_user SET institution = 'institution.edu' WHERE username = 'user4@institution.edu'
       
      Count: 1  Time=1.00s (1s)  Lock=0.00s (0s)  Rows=0.0 (0), moodle[moodle]@localhost
       UPDATE mdl_user SET idnumber = '123456789' WHERE username = 'user5@institution.edu'

      We tracked down these queries to a set_field function call in the update_user_record function in moodlelib.php. The user table has a unique key on the (mnethostid, username) pair but not on the username field alone. It also makes sense that (mnethostid, username) is unique and username is not, because users across different MNet sites can happen to have the same username. The set_field function call should have specified the mnethostid together with the username but it does not. Our site does not use MNet but if it did, the function call could have incorrectly updated records of more than one actual user.

      The same logic exists in the code we are using (1.9.8) as well as in MOODLE_19_WEEKLY and HEAD.

      Also, the update_user_record function updates multiple fields of a user record by calling the set_field function multiple time. They can be replaced with a single update_record function call.

      Attachments

        Issue Links

          Activity

            People

              skodak Petr Skoda
              wkchan Kai Chan
              Nobody Nobody
              Adrian Greeve, Jake Dallimore, Mathew May, Mihail Geshoski, Sujith Haridasan
              Votes:
              6 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:
                24/Nov/10