CiviCRM Community Forums (archive)

civimail.cronjob.php and other utility scripts require Drupal user credentials as input to authenticate before running the script. I ran into a problem with a client where the client had deleted the CiviCRM contact record associated/uf_match'd with the Drupal user account I had set up for my CiviMail cron job. Thus CiviMail was not sending out any messages until the client complained and I tracked it down.

It turned out the Drupal user account was still valid and working, but the client had deleted the associated contact record in CiviCRM, not recognizing it. The authenticate functions in Utils/System/Drupal.php and Joomla.php check not only for a valid Drupal/Joomla user account, but also for an associated/uf_match'd contact record. It seems like this might happen in other cases accidentally.

Why check for a CiviCRM contact record? The Drupal/Joomla username/password constitute the security check - I don't see how the presence of a CiviCRM record offers additional security assurance above and beyond checking the username/password credentials. I recommend dropping that part of the code in the future. Here's the snippet from the authenticate() function in Drupal.php

while ( $row = $query->fetchRow( DB_FETCHMODE_ASSOC ) ) {
            CRM_Core_BAO_UFMatch::synchronizeUFMatch( $user, $row['uid'], $row['mail'], 'Drupal' );
            $contactID = CRM_Core_BAO_UFMatch::getContactId( $row['uid'] );
            if ( ! $contactID ) {
                return false;
            }