I am not able to run acl_setup.php and acl_upgrade.php succesfully. I get errors and the tables are not created. Permissions are correct as far as I can tell.
I was actually not getting anything in the logs.
I turns out it was a trailing slash in the path to phpgacl, in acl.inc
$phpgacl_location = "/path to /phpgacl/";
when I removed the trailing slash, it installed and upgraded the databases.
Now the problem is that I cannot access openemr while phpgacl is enabled, either with my user (which I created) or with the admin user, which was already created.
I enabled php and apache error logging, but I get nothing.
I compared my phpgacl configuration with that from the openemr2.9.0 demo and they are identical.
I don’t know how else to troubleshoot.
incidentally, when phpgacl is enabled, the users that I have not created in phpgacl are able to access openemr but cannot do much. Still this may be a security vulnerability.
hey,
What’s your OS? I’d probably re-try the phpgacl installation(remove the ‘gacl’ database from mysql and re-run the setup.php script). Haven’t heard any issues with mysql 5.1. Another tool that may help is the developer appliance(what the CVS(2.9 now) demo is based on) to compare yours with a working installation; also there’s documentation in it on how it was built that may help. Check out here for more info: https://sourceforge.net/forum/forum.php?thread_id=1860881&forum_id=202506
In the developer appliance the db_name in gacl.class.php and gacl.ini.php both use the name gacl . I know people have had problems with needing to put the mysql passwords in both files, but that would show up in your log. I pasted the pertinent segments of these files below from the develoepr appliance.
I’d just focus on getting your ‘admin’ user working; easy to add the rest to php-gacl within openemr using the admin->acl menu(new in version 2.9). Regarding your security vulnerability issue, this acl admin menu in OpenEMR will highlight the users that are not entered into php-gacl yet.
gacl.class.php
— Database configuration. —
*/
/** @var string Prefix for all the phpgacl tables in the database */
var $_db_table_prefix = ‘’;
/** @var string The database type, based on available ADODB connectors - mysql, postgres7, sybase, oci8po See here for more: http://php.weblogs.com/adodb_manual#driverguide */
var $_db_type = ‘mysql’;
/** @var string The database server */
var $_db_host = ‘localhost’;
/** @var string The database user name */
var $_db_user = ‘root’;
/** @var string The database user password */
var $_db_password = ‘’;
/** @var string The database name */
var $_db_name = ‘gacl’;
/** @var object An ADODB database connector object */
var $_db = ‘’;
I followed all your suggestions. I dropped the mysql gacl database, recreated a new empty one. Then I ran gacl setup.php, and openemr acl_setup.php and acl_upgrade.php.
I also changed the gacl.class.php and gacl.ini.php files, both to contain gacl as the name of the database.
Now when I try to log in to openemr, this is the error message I get:
ERROR: query failed: select id, password, authorized, see_auth, cal_ui from users where username = ‘admin’
Error: Table ‘gacl.users’ doesn’t exist
In retrospect, this is why I eventually changed the following line in gacl.class.php:
/** @var string The database name */
var $_db_name = ‘gacl’;
to
/** @var string The database name */
var $_db_name = ‘openemr’;
because I realized that the program is looking for a table from openemr, in the gacl database.
What to do next??
I do not know how to debug this. Nothing comes up in the http or the php error logs
For some reason enabling phpgacl in my system causes the global variable $dbase (from sqlconf.php) to change to gacl from openemr. Now the program looks for all openemr tables in the gacl database, not the openemr database. I have turned on error reporting everywhere and this is my conclusion so far. I cannot use gacl with openemr2.9.0
As you point out there isn’t a gacl.users table (it should be looking for openemr.users). Seems like an erroneous setting somewhere in openemr and not with phpgacl. Perhaps its time to try a complete fresh re-installation of openemr.
You could also use the ‘diff’ command to compare your entire openemr directory(and sub-directories) with the developer appliance openemr to find all the differences.
Yes I can see the above pages, no problem.
I have downloaded both the virtual machine (both cvs, and 2.8.3) and compared with my installation.
The only difference I found was the location of phpgacl folder. In my system it’s not in the web server document root directory because of the issue of securing the gacl.ini.php file. I did use an alias statement in httpd.conf. I did try putting phpgacl in same directory as openemr, but that still not solve the issue. $dbase still gets set to ‘gacl’.
I also noticed in the new VM installation that there is not openemr directory statemets in httpd.conf (although not related to my problem)
I do believe the problem is a bug in openemr that’s related to my particular configuration.
Freebsd 7
openemr 2.9.0 (also same problem when I was using 2.8.3)
mysql 5.1
php5
perl 5.8
phpgacl 3.3.7
sql-ledger 2.8.13
postgresql 8.2
This is not the first time I tried phpgacl, I have attempted this several times and keep getting problems. This is the farthest I have gotten with figuring out what the problem is, though. I hesitate about reinstalling openemr. I have made a lot of customizations.
I am considering giving up on it, unless I can get some ideas of what else to try.
One thing to watch out for is that OpenEMR uses persistent database connections. For reasons that I do not completely understand, if you have two different databases (such as openemr and gacl) that are opened by the same database user, then PHP can access the wrong database for any given query.
So if the databases are different, make sure the database user specified in gacl.class.php and gacl.ini.php is different from that in sqlconf.php.
I usually avoid this problem and other complications by using the same database for both applications (in this case, specify something like "gacl_" for the table prefix in phpgacl).
"I usually avoid this problem and other complications by using the same database for both applications (in this case, specify something like "gacl_" for the table prefix in phpgacl). "
Rod,
From your reply above I was curious if you meant that you had one database (i.e. "openemr) with the gacl tables inside the "openemr" database? I am going to try that. In the past I have had two database - "phpgacl" and "openemr."
This worked. Thanks! Using same database for both applications seems to be the way to install phpgacl.
Here is what I did on my test box:
1. Perform clean install of OpenEMR-2.9.0
2. Via PhpMyAdmin, I dropped openemr db created by install script and recreated openemr db ( I had to do this in order to import my production sql file via phpMyAdmin. The import errored otherwise).
3. Import production openemr.sql file.
4. Set up phpgacl-3.3.7 via phpgacl install script with gacl tables inside openemr db.
5. Ran OpenEMR "acl_setup.php"
Observation
1. Only "admin" user was able to log into OpenEMR after performing above steps. However, once logged in as "admin", I was able to re-assign users to their specific ACL role via the "ACL" tab within "Admin" section of OpenEMR.
Question
1. Should I keep "phpgacl" directory in web root or move inside "openemr" directory?