Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Username Mixup Part 2

Hi, I originally started this thread http://vanillaforums.org/discussion/23354/username-mixup#latest and the issue went away. Then came a new clone, new session of the forum and it has started up again. Sorry for the repost but I posted on the other topic and it seems no one has posted anything back.

This is what I know...

Users are signing into the forum, for the first time this week. We don't carry over logins, so they are created new.

Out of 120 users, about 10 have reported that they will go in and post a reply to a comment and it will show the incorrect user account associated with the comment.

We clone clean forums, with no comments etc.

The old forums, with comments but a different name are still online.

We are using Version 2.0.18.1.

We thought we updated this forum before it went live, and we are wrong.

This is a paid forum so I need to be super careful and not jack it up.

Can anyone give me some insight as to what you'd check or someone we can hire to check it for us? Thank you!

Comments

  • I'd like to add that yes the users are using different computers from around the world.

    Their comment posts correctly, the wrong photo and user account shows next to the comment.

  • peregrineperegrine MVP
    edited September 2013

    odd problem. hard to figure out with an out of date version.

    are you using any jsconnect or other time of login. Or just basic.

    are the users, possibly using both old and new forums at the same time in the same browser.

    if so, change your cookie name in the config.php

    but ultimately, you will need to schedule some downtime. or bring up a duplicate forum
    and test with 2.0.18.8

    either upgrade in place or

    http://vanillaforums.org/discussion/24793/yet-another-vanilla-upgrade-and-duplication-tutorial

    or use some other method.

    Also explain what you mean exactly by "clone clean forums".

    with the affected users when they login - is the profile picture also messed up as in wrong profile picture and what is the userid on the affected users.

    Can you isolate the userids of the affected users is it sporadic or all in a row?

    Was it a new user table, when you cloned or a copy of a user table.

    Of the users who post and get the wrong photo and username, do they consistently get the wrong photo and user name, if so it will be easier to solve.

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.

    UnderDog
  • x00x00 MVP
    edited September 2013

    you are not using anything like SSO, jsConnect ProxyConnect?

    grep is your friend.

  • is your cookie
    $Configuration['Garden']['Cookie']['Salt']

    unique

    grep is your friend.

    UnderDog
  • hgtonighthgtonight ∞ · New Moderator

    I am betting on duplicate Cookie Salt.

    Search first

    Check out the Documentation! We are always looking for new content and pull requests.

    Click on insightful, awesome, and funny reactions to thank community volunteers for their valuable posts.

    UnderDog
  • Hi All, thanks so much for your feedback.

    No, the strange thing is it will happen to someone like 7 times in a row, then stop and move on to another person.

    I'm going to check the salt cookie, well have my php guru do it. No we are not using SSO, jsConnect ProxyConnect.

  • it seem you are running multiple different version of the same domain with the same session cookie, which means that you are going to get a mixup of users, but not only that you won't have data integrity unless you prevent writes when you transition.

    It is unrealistic to expect users to keep the same UserID across multiple forums.

    grep is your friend.

    UnderDog
  • We don't have it setup so they keep the same UserID. They purchase access to the 12 week forum and then when it's over, we put the new forum up. We do leave the old ones up but turn everything off so they can't login.

    We do have some people who return to the forum from the previous time and they may be using the same ID.

    I bet you are right about the salt. I am waiting to hear back from our tech about it. Thank you!

    UnderDog
  • @DaniM53 said:
    We don't have it setup so they keep the same UserID. They purchase access to the 12 week forum and then when it's over, we put the new forum up. We do leave the old ones up but turn everything off so they can't login.

    We do have some people who return to the forum from the previous time and they may be using the same ID.

    I bet you are right about the salt. I am waiting to hear back from our tech about it. Thank you!

    I seems you are approaching the problem the wrong way, of course naturally you will have hanging session this way, especially with clones.

    Why was it developed in such a way where you have different forums, when you could achieve the same result with roles an permissions? There would need to be a good reason, and it is not every somethign that should be done naively.

    I'm pretty advanced with designed membership systems, payment and enterprise solutions professionally so I know what I’m talking about here.

    grep is your friend.

  • Let's split the Discussion and start ine about what you exactly want to achieve. Now find the best solution and implement it

  • Thanks! I took over the support of the forum, so I wasn't involved in the initial setup. It's a paid program that the participants use to access program documentation and interact with other people in the program. It happens twice per year and we clone because we want a clean forum each go round without any comments.

    I'm not going to be supporting this forum much longer, but have been tasked to figure out how to fix the username mixup issue.

    Another thing to note, when the people experiencing the mixup go to have their password reset, the password reset email contains the wrong ID. If I click on the same password reset link, it shows me the wrong ID...so I'm wondering if this eliminates the salt as being the cause? I would think it would go to reset her on my computer it would be fine, but bad on her computer only.

    We fixed the salt ( they were the same ) and the user went to have her password reset and still got the wrong username when clicking on the link. I clicked the link from my computer and I see the incorrect username too.

  • Did you look in the user table and see if the name matches the id you think it should be.

    it sure would be handy if you showed screenshots of profile and what the link shows.

    We fixed the salt ( they were the same ) and the user went to have her password reset and still got the wrong username when clicking on the link. I clicked the link from my computer and I see the incorrect username too.

    its too ambiguous at this point. SCREENSHOTS with examples.

    try downloading the http://vanillaforums.org/addon/memberslistenh-plugin

    and see if clicking in their produces the wrong links.

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.

    UnderDog
  • We fixed the salt ( they were the same ) and the user went to have her password reset and still got the wrong username when clicking on the link. I clicked the link from my computer and I see the incorrect username too.

    I think the salt will certainly help. I think the main problem is you are running running two user bases and two forums which are getting mixed up, when you should really have only one. Mostly likely the link goes to your other forums, as you are 'cloning' forums.

    Even if it doesn't it is the concept of how you are managing users that is flawed, which isn't to do with vanilla itself.

    The things simply does not happen under one forum.

    Forks and custom solutions like this you have to support yourself, becuase the software is basically not the same product, it is really not up to the community to support this. it is up to the developer of those solutions, or the webmaster.

    peregrine is also right people are not goign to guess what could be the problem based on you descriptions. it is not realistic to be able to tell from that.

    This is really down to the particular solution not being up to the task, and overcomplicating what could be handled by roles and permissions, rather than switching user between different forums.

    grep is your friend.

  • @x00 although one would presume the salt would solve things.

    would emptying the sessionid table help, or looking at sessionids for problem users.
    as well as duplicate usernames in usertable, since it was manually added. I don't believe username needs to be unique if you manually import user table.

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.

  • The session table will not make a difference. Vanilla doesn't actually have that sort of sessioning.

    grep is your friend.

    peregrineUnderDog
Sign In or Register to comment.