Phpgacl install

gutiersa wrote on Saturday, August 23, 2008:

which database name goes in each of

gacl.class.php    and
gacl.ini.php??

does db_name = gacl          in both files?

I am not able to run acl_setup.php and acl_upgrade.php succesfully. I get errors and the tables are not created. Permissions are correct as far as I can tell.

Please help!
thanks

bradymiller wrote on Monday, August 25, 2008:

hey,

What do you see in your php/apache log file when you run acl_setup.php?

-Brady

gutiersa wrote on Thursday, August 28, 2008:

I was actually not getting anything in the logs.
I turns out it was a trailing slash in the path to phpgacl, in acl.inc

$phpgacl_location = "/path to /phpgacl/";

when I removed the trailing slash, it installed and upgraded the databases.

Now the problem is that I cannot access openemr while phpgacl is enabled, either with my user (which I created) or with the admin user, which was already created.

I enabled php and apache error logging, but I get nothing.

I compared my phpgacl configuration with that from the openemr2.9.0 demo and they are identical.

I don’t know how else to troubleshoot.

incidentally, when phpgacl is enabled, the users that I have not created in phpgacl are able to access openemr  but cannot do much. Still this may be a security vulnerability.

____________________________________________________________-

which database name goes in each of 

gacl.class.php and
gacl.ini.php??

does db_name = gacl in both files?

gutiersa wrote on Thursday, August 28, 2008:

I forgot:

the only difference between my phpgacl install and the demo is that I am using mysql 5.1, and the demo site has mysql 5.0. Could this be the problem??

bradymiller wrote on Friday, August 29, 2008:

hey,
   What’s your OS?  I’d probably re-try the phpgacl installation(remove the ‘gacl’ database from mysql and re-run the setup.php script). Haven’t heard any issues with mysql 5.1. Another tool that may help is the developer appliance(what the CVS(2.9 now) demo is based on) to compare yours with a working installation; also there’s documentation in it on how it was built that may help. Check out here for more info:
https://sourceforge.net/forum/forum.php?thread_id=1860881&forum_id=202506

In the developer appliance the db_name in gacl.class.php and gacl.ini.php both use the name gacl .  I know people have had problems with needing to put the mysql passwords in both files, but that would show up in your log. I pasted the pertinent segments of these files below from the develoepr appliance.

I’d just focus on getting your ‘admin’ user working; easy to add the rest to php-gacl within openemr using the admin->acl menu(new in version 2.9). Regarding your security vulnerability issue, this acl admin menu in OpenEMR will highlight the users that are not entered into php-gacl yet.

gacl.class.php
        — Database configuration. —
        */
        /** @var string Prefix for all the phpgacl tables in the database */
        var $_db_table_prefix = ‘’;

        /** @var string The database type, based on available ADODB connectors - mysql, postgres7, sybase, oci8po See here for more: http://php.weblogs.com/adodb_manual#driverguide */
        var $_db_type = ‘mysql’;

        /** @var string The database server */
        var $_db_host = ‘localhost’;

        /** @var string The database user name */
        var $_db_user = ‘root’;

        /** @var string The database user password */
        var $_db_password = ‘’;

        /** @var string The database name */
        var $_db_name = ‘gacl’;

        /** @var object An ADODB database connector object */
        var $_db = ‘’;

gacl.ini.php
  ;
  ;Database
  ;
  db_type                 = "mysql"
  db_host                 = "localhost"
  db_user                 = "root"
  db_password             = ""
  db_name                 = "gacl"
  db_table_prefix         = ""

-Brady
 

gutiersa wrote on Saturday, August 30, 2008:

thanks so much for your reply.

I followed all your suggestions. I dropped the mysql gacl database, recreated a new empty one. Then I ran gacl setup.php, and openemr acl_setup.php and acl_upgrade.php.

I also changed the gacl.class.php and gacl.ini.php files, both to contain gacl as the name of the database.

Now when I try to log in to openemr, this is the error message I get:

ERROR: query failed: select id, password, authorized, see_auth, cal_ui from users where username = ‘admin’

Error: Table ‘gacl.users’ doesn’t exist

In retrospect, this is why I eventually changed the following line in gacl.class.php:

/** @var string The database name */
var $_db_name = ‘gacl’;

to

/** @var string The database name */
var $_db_name = ‘openemr’;

because I realized that the program is looking for a table from openemr, in the gacl database.

What to do next??
I do not know how to debug this. Nothing comes up in the http or the php error logs

gutiersa wrote on Saturday, August 30, 2008:

By the way, my os is Freebsd 7

gutiersa wrote on Sunday, August 31, 2008:

I really think there is a bug in my installation.

For some reason enabling phpgacl in my system causes the global variable $dbase (from sqlconf.php) to change to gacl from openemr. Now the program looks for all openemr tables in the gacl database, not the openemr database. I have turned on error reporting everywhere and this is my conclusion so far. I cannot use gacl with openemr2.9.0

bradymiller wrote on Tuesday, September 02, 2008:

hey,

Are you seeing these same pages with your php-gacl:
http://opensourceemr.com:2089/phpgacl/admin/acl_list.php?return_page=acl_list.php
http://opensourceemr.com:2089/phpgacl/admin/group_admin.php?group_type=aro

  As you point out there isn’t a gacl.users table (it should be looking for openemr.users). Seems like an erroneous setting somewhere in openemr and not with phpgacl. Perhaps its time to try a complete fresh re-installation of openemr.

  You could also use the ‘diff’ command to compare your entire openemr directory(and sub-directories) with the developer appliance openemr to find all the differences.

-Brady

gutiersa wrote on Tuesday, September 02, 2008:

Yes I can see the above pages, no problem.
I have downloaded both the virtual machine (both cvs, and 2.8.3) and compared with my installation.
The only difference I found was the location of phpgacl folder. In my system it’s not in the web server document root directory because of the issue of securing the gacl.ini.php file. I did use an alias statement in httpd.conf. I did try putting phpgacl in same directory as openemr, but that still not solve the issue. $dbase still gets set to ‘gacl’.

I also noticed in the new VM installation that there is not openemr directory statemets in httpd.conf (although not related to my problem)

I do believe the problem is a bug in openemr that’s related to my particular configuration.

Freebsd 7
openemr 2.9.0 (also same problem when I was using 2.8.3)
mysql 5.1
php5
perl 5.8
phpgacl 3.3.7
sql-ledger 2.8.13
postgresql 8.2

This is not the first time I tried phpgacl, I have attempted this several times and keep getting problems. This is the farthest I have gotten with figuring out what the problem is, though. I hesitate about reinstalling openemr. I have made a lot of customizations.

I am considering giving up on it, unless I can get some ideas of what else to try.

bradymiller wrote on Tuesday, September 02, 2008:

hey,

grep -r "$dbase" openemr

openemr/interface/main/calendar/config.php:global $host,$port,$login,$pass,$dbase;
openemr/interface/main/calendar/config.php:$pnconfig[‘dbname’] = $dbase;
openemr/contrib/util/express.php:fwrite($fd,"$dbase\t= ‘$dbname’;\n") or $it_died++;
openemr/contrib/util/express.php:$sqlconf[“dbase”] = $dbase;
openemr/library/sqlconf.php:$dbase    = ‘openemr’;
openemr/library/sqlconf.php:$sqlconf[“dbase”] = $dbase;
openemr/library/DBC_cron.php:    global $host, $login, $pass, $dbase;
openemr/library/DBC_cron.php:    mysql_query(“USE " . $dbase);
openemr/library/sql.inc:$database->PConnect($host, $login, $pass, $dbase);
openemr/library/sql.inc:function sqlConnect($login,$pass,$dbase,$host,$port = ‘3306’)
openemr/library/DBC_files.php:define(‘DATABASE’, $dbase );                            // database name
openemr/setup.php:fwrite($fd,”$dbase\t= ‘$dbname’;\n") or $it_died++;
openemr/setup.php:$sqlconf[“dbase”] = $dbase;

Looks like $dbase only gets defined in openemr/library/sqlconf.php :
<?
//  OpenEMR
//  MySQL Config
//  Referenced from sql.inc

$host   = ‘localhost’;
$port   = ‘3306’;
$login  = ‘openemr’;
$pass   = ‘openemr’;
$dbase  = ‘openemr’;

$sqlconf = array();
$sqlconf["host"]= $host;
$sqlconf["port"] = $port;
$sqlconf["login"] = $login;
$sqlconf["pass"] = $pass;
$sqlconf["dbase"] = $dbase;
//////////////////////////
//////////////////////////
//////////////////////////
//////DO NOT TOUCH THIS///
$config = 1; /////////////
//////////////////////////
//////////////////////////
//////////////////////////
?>

What happens when you change $dbase in this file back to ‘openemr’?

-Brady

sunsetsystems wrote on Tuesday, September 02, 2008:

One thing to watch out for is that OpenEMR uses persistent database connections.  For reasons that I do not completely understand, if you have two different databases (such as openemr and gacl) that are opened by the same database user, then PHP can access the wrong database for any given query.

So if the databases are different, make sure the database user specified in gacl.class.php and gacl.ini.php is different from that in sqlconf.php.

I usually avoid this problem and other complications by using the same database for both applications (in this case, specify something like "gacl_" for the table prefix in phpgacl).

Rod
www.sunsetsystems.com

gutiersa wrote on Tuesday, September 02, 2008:

Eureka!!

changing the mysql user for the phpgacl db did the trick.
Awsome.

Hence the mysql user for openemr and phpgacl must be different.

That is gacl.ini.php (in phpgacl) should read:

;
;Database
;
db_type         = "mysql"
db_host            = "localhost"
db_user            = "dbUser2"
db_password        = "dbPasword2"
db_name            = "gacl"
db_table_prefix        = ""

gacl.class.php (in phpgacl) should read:

    /*
    — Database configuration. —
    */
    …

    /** @var string The database server */
    var $_db_host = ‘localhost’;

    /** @var string The database user name */
    var $_db_user = ‘dbUser2’;

    /** @var string The database user password */
    var $_db_password = ‘dbPasword2’;

    /** @var string The database name */
    var $_db_name = ‘gacl’;

    /** @var object An ADODB database connector object */
    var $_db = ‘’;

and finally sqlconf.php (in openemr) should read:

$host    = ‘localhost’;
$port    = ‘3306’;
$login    = ‘dbUser1’;
$pass    = ‘dbPasword1’;
$dbase    = ‘openemr’;

where "dbUser1" and "dbUser2" must be different.

Thank you both for your help.

PD:

grep -r "$dbase" openemr

in my system says $dbase undefined variable.

and $dbase  in sqlconf.php was always openemr.

mike-h30 wrote on Sunday, October 05, 2008:

"I usually avoid this problem and other complications by using the same database for both applications (in this case, specify something like "gacl_" for the table prefix in phpgacl). "

Rod,

From your reply above I was curious if you meant that you had one database (i.e. "openemr) with the gacl tables inside the "openemr" database?  I am going to try that.  In the past I have had two database - "phpgacl" and "openemr."

-Mike

sunsetsystems wrote on Sunday, October 05, 2008:

Yes, that’s what I mean.

Rod
www.sunsetsystems.com

mike-h30 wrote on Monday, October 06, 2008:

Rod,

This worked.   Thanks!   Using same database for both applications seems to be the way to install phpgacl. 

Here is what I did on my test box:

1.  Perform clean install of OpenEMR-2.9.0
2.  Via PhpMyAdmin, I dropped openemr db created by install script and recreated openemr db ( I had to do this in order to import my production sql file via phpMyAdmin.  The import errored otherwise).
3.  Import production openemr.sql file.
4.  Set up phpgacl-3.3.7 via phpgacl install script with gacl tables inside openemr db.
5.  Ran OpenEMR "acl_setup.php"

Observation

1.  Only "admin" user was able to log into OpenEMR after performing above steps.  However, once logged in as "admin",  I was able to re-assign users to their specific ACL role via the "ACL"  tab within "Admin" section of OpenEMR.

Question

1.  Should I keep "phpgacl" directory in web root or move inside "openemr" directory?

-Mike

sunsetsystems wrote on Monday, October 06, 2008:

I would say leave it outside the openemr directory, as it’s likely you would later upgrade openemr but not phpgacl.

Rod
www.sunsetsystems.com

drbowen wrote on Monday, October 06, 2008:

From a security standpoint it is better not to have phpgacl inside the webserver pathway at all.

If your web path is

/var/www/htdocs/openemr

then the location of

/var/www/gacl

Places phpgacl further out of harms way.

Sam Bowen, MD

mike-h30 wrote on Tuesday, October 07, 2008:

Thanks for the security tip!

-Mike