Pages: (2) 1 2  ( Go to first unread post ) Add ReplyNew TopicNew Poll

 User ID mixup, Bug in the admin cp
#
Hey, we seem to have a sudden bug in our site, and I'm not sure if any other forums have it, but yeah... Anyway, so my mods report to me the following that I also checked myself;

- Started yesterday with user profiles out of nowhere.
> Avatar images breaking or the image urls directing something else, or mixing with other users
> User information mixing together with other members infos
> This could all be seen on the site itself
> Problem appears to be gone mostly now, but image url switches and breakings keep happening still

One of my co-admins noticed this also happened to notice it's also mixing the user information between users in the admin cp. Like I could search members, type in one of my accounts, and it has someone else's email other than mine and all the other user information that's not mine. Some of the accounts are correct, but it seems a lot of them aren't? I'm not entirely sure what's going on.

Also, the same co-admin points out to me that when she moves or locks threads the images within the thread break for her. (This I'm not entirely is related to the bug issue itself, as my other mod claims she can see the images just fine unlike the co-admin.)

We haven't tweaked the site code over a month so the code itself shouldn't be the issue. Not to mention when it's in the admin cp... It sounds like jcink issue to me?

You can find our forum from http://priorixincantatem.jcink.net/ if you need to come around to poke it.

Thanks for your time and effort beforehand!
PM
#
QUOTE
> Problem appears to be gone mostly now, but image url switches and breakings keep happening still


I had a look at the profiles and a lot of them are hosted externally. If one of the image hosts is having a problem with their routing, you would see this issue.

I suspect the above is the issue, but of course it's hard to say what is going on without being able to view the issue live. I viewed a couple profiles and then came back. The avatar images and user data within them did not change for me.

QUOTE
Also, the same co-admin points out to me that when she moves or locks threads the images within the thread break for her. (This I'm not entirely is related to the bug issue itself, as my other mod claims she can see the images just fine unlike the co-admin.)

We haven't tweaked the site code over a month so the code itself shouldn't be the issue. Not to mention when it's in the admin cp... It sounds like jcink issue to me?


This is not a known issue with the service (and not something that 'happens' either). There could be other reasons why the email on the accounts doesn't match. I would change them to be accurate and see if it changes again.

signature
email: admin@jcink.com :: blog: John C.
#
Alright, I gained a little more information, and I come forth with screenshots to explain the issue better. This mess is far more than a problem with one email right now. It's kind of... everything. Help. Help.

user posted image

After talking with my co-admin and exchanging experiences with the issue, we've come to notice it's a single user ID overwriting some other user IDs for some reason. And we don't know why this is happening.

On site this can be seen as well, for example with this particular ID information where it should be and where it shouldn't be, which would be one of my own accounts.

The account that overwrites the others currently:
user posted image
Link: http://priorixincantatem.jcink.net/index.php?showuser=6

Exhibit A:
user posted image
Link: http://priorixincantatem.jcink.net/index.php?showuser=9

Member groups appear to be fine, but everything else... everything else is a mess. Basically, everyone's now mostly Duellung Club Captains with 50 points, and with Derek's user email, and everything else.

Regarding the user profile image that is hosted externally, that is coming from user named Getsu, and it seems to overwrite itself a lot in different users. Sometimes it disappears, and but re-appears again.

My co-admin also took a picture of Jayden's editing window from admin cp and it gives us the editing options of one of our other member's, Natalie's, information. Member group included.

And when clicking the links for example in Jayden's profile, the application leads to the application of Keith Grayson, and tracker to Noctis the Devious' character tracker.

The biggest issue is that all this is happening in admin cp. Mostly on the site, things appear normal except for few examples like I shared. But when we go to the admin cp, everything is a mess there.

We also poked the admin cp a bit to see what happens, like you said about the email. My co-admin changed the duelling club captain to simply derp, while I checked the user profile on the site. One the site, it changed to derp. But on the admin cp, it refreshes back to duelling club captain.

InCausa - Today at 3:29 PM
yep
and now another issue
I changed glesni's position
and tried it on dano's too
mine and his e-mails in CP were fine. As soon as I edited it, it went to being the e-mail we all have
which is originally from noble
I have a feeling the more edits we attempt, the more it breaks
man if database is effed up
...welp
rip
cause there are no visible backups


One of our computer savvy friends proposed it sounds like a database screw up, or possily SQL.

Also more information about how it all seemed to have started:

InCausa - Today at 3:49 PM
aye well this time we explained as much as we could tbh idk how else to describe something you have no idea what it is
should I let people know we have issues and some things like adding points will be postponed?
Wicked - Today at 3:52 PM
Yeah, please do. I'm thinking of approaching Noble to ask when was the last time he edited his profile to see if anything significant happened there since his profile seems to be the main issue.
InCausa - Today at 3:53 PM
aye it started after I tried to edit Derek after I locked the thread and wanted to add points
might be a coincidence that he was the first on the list
but yeah maybe is better to ask and make sure
and will let them know no worries
now I can't remember exactly who's image broke first cause that might be the actual beginning of the issue as well
Wicked - Today at 3:56 PM
So it started with Derek? :thinking:
InCausa - Today at 3:56 PM
basically, this is how it went:
1. Avi broke (can't recall who's need to check) after I locked their app I think so I asked them to fix it so they did
2. More avis continued to break now every time I locked the thread spreading to older users too like you and fonz
3. I opened admin CP to add points for finished thread and that was the first edit after image breaking and it was Derek
4. after editing few of them I noticed all of a sudden everyone is a duelling captain in CP so I went to check and I noticed the reoccurring number of points and posts and whatnot that made no sense compared to posting stats and crap
5. I accepted keith and all of a sudden natalie's info is all over the place
6. I try to edit, every time I do, those that weren't broken break and copy the data screw up
7. and now that I tried to do edits on Dano, now his MSN status is on everyone's page too
InCausa - Today at 4:00 PM
so basically might be even since that first broken image that it started to copy the data issue to other
Day - Today at 4:02 PM
dropping real quick to say that it might be Ashley's image that broke down first when her app was locked and moved
Day - Today at 4:03 PM
Her account was also one that even tho her profile was supposed to be empty, after she was locked and moved had Keith's info in it (Might've been Derek, but I'm pretty sure it was Keith's info)
InCausa - Today at 4:04 PM
alright I am going through mod logs to see if I can remember
InCausa - Today at 4:05 PM
also it wasn't Ash because Keith broke as well before her
InCausa - Today at 4:06 PM
okay I think Keith broke first
because Flandre was just fine
Wicked - Today at 4:07 PM
Is it always the same naruto gif?
InCausa - Today at 4:09 PM
aaand now my avi broke too :joy:
Wicked - Today at 4:09 PM
...
InCausa - Today at 4:09 PM
aye same naruto gif


Aaaand further problems...


InCausa - Today at 4:32 PM
also now Dano cant log in to the site
with his acc
Wicked - Today at 4:32 PM
what
InCausa - Today at 4:33 PM
because
now
his password is prooobably actually noble's pass
Wicked - Today at 4:33 PM
oh my goddddddddddddddddddddddddddddd
InCausa - Today at 4:33 PM
this is SO BAD
InCausa - Today at 4:34 PM
yeah this is not his pasword
it has one case extra
and now that I think if it everyone has the same password now
I crap
you
not
EVERYONE
has the same pass
InCausa - Today at 4:40 PM
omg man
this is a legit meltdown
this is now a security problem too. I am worried if anyone signs out they might not sign in again if passwords are indeed completely changed
InCausa - Today at 4:47 PM
also Dano requested pass reset and never received an e-mail for it so rip there too


Any ideas, Sir? Is there anything we can do?

This post has been edited by Wicked: Feb 28 2018, 09:48 AM
PM
#
It looks like I am going to need Admin CP access to try some things myself. Please elevate the 'test' account as that is mine to Admin.

I have some questions:

QUOTE
2. More avis continued to break now every time I locked the thread spreading to older users too like you and fonz


Which thread was this. can it be linked?

QUOTE
InCausa - Today at 4:34 PM
yeah this is not his pasword
it has one case extra
and now that I think if it everyone has the same password now


When they say it has one case (letter?) extra they mean their password then or dano's?

I noticed user ids: ('6','9','10','14','27','53','52','71') shared the data of "played by natalie" and the phrase "I didn" in their profile. Not a single one of these users has the same password hash so that's good.

Still, we need to figure out what's really going on here.

signature
email: admin@jcink.com :: blog: John C.
#
Thank you. I have elevated the Test account into admin as you requested.

QUOTE

2. More avis continued to break now every time I locked the thread spreading to older users too like you and fonz

Which thread was this. can it be linked?


QUOTE
InCausa - Today at 4:34 PM
yeah this is not his pasword
it has one case extra
and now that I think if it everyone has the same password now


When they say it has one case (letter?) extra they mean their password then or dano's?


InCausa - Today at 7:51 PM
okay so there is a chance password is only visibly the same but then that doesn't explain why Dano couldn't log back in with his password
and as for threads, I noticed significantly in the finished thread of second week of DADA. Once I locked it many of avis broke as well
but as I said it first appeared while locking the apps
but aye the best is for him to have a look
cause again we are basically clueless
Wicked - Today at 7:56 PM
Can you please link the said thread
InCausa - Today at 7:58 PM
http://priorixincantatem.jcink.net/index.php?showtopic=145
that's the first thread I locked and after I noticed issues other than avis as well
InCausa - Today at 8:00 PM
so first locked app that showed issues was Keith's and first thread that was locked and showed issues is this one
I checked all other previously locked threads but they were already affected so there is no telling did they have issues prior or not
tho I doubt it

This post has been edited by Wicked: Feb 28 2018, 01:05 PM
PM
#
I've been looking around the board and can't find anything conclusive so far. I did the following:

1. Changed jayden's avatar image to a placeholder and modified their quote
2. Changed derek hoffman's quote
3. Created a backup so I have a reference point to look at when/if anything changes again. You are welcome to download it as well.

I tried:

Editing information in the admin cp
Looked for malicious scripts
Locked/unlocked that thread

Nothing yet.

QUOTE
We also poked the admin cp a bit to see what happens, like you said about the email. My co-admin changed the duelling club captain to simply derp, while I checked the user profile on the site. One the site, it changed to derp. But on the admin cp, it refreshes back to duelling club captain.


This is opposite to my experience at least at the moment. I can see where the account's title was changed to Derp on Jayden. This change is reflected for me in the Admin CP + main profile. I tested with this account: Dmitry Voronin which was also affected by this issue and changed it successfully to just "Testing."

One last thing I did was check the database tables themselves for any corruption. It didn't find any. I ran a repair anyway, and it said "REPAIR: OK", which it does regardless whether there's damage or not but I figured it couldn't hurt for good measure. SQL table damage doesn't cause issues like this but at the moment we don't know what the root cause of your issue is so we'll try everything just to be safe.

signature
email: admin@jcink.com :: blog: John C.
#
Thank you for your efforts, John.

I told my co-admin to just "continue as normal" and report me anything she notices since it seems we just need more information to study what's going on. I earlier asked all the members to halt with any possible edits, but I'll tell them to go around and try changes, and report to me the moment they notice something that may seem off.

I'm just kind of sitting here with my fingers crossed this is something that just goes away by itself. The problems rarely do that but hey, one can hope.

I'll tell also all the members to check their profiles and try and fix them up who have the error and tell me what happens.

Otherwise, I'll keep you posted if anything comes up. I'll also tell you if the issue just somehow resolves itself so we can just smooth this one out and never know what happened to start it, exactly.
InCausa - Today at 9:20 PM
aaand there is an issue
Wicked - Today at 9:21 PM
Report to me, Lieutenant.(
InCausa - Today at 9:23 PM
okay so everything was fine. then I entered quinn into Admin cp to put them in hufflepuff. on the first page, e-mail was showing fine. Then I opened edit page and changed "member" to "Hufflepuff". Rest of details we had issues with showed there as well (duelling captain, password, natalie's details etc.) I clicked EDIT and after just to check, I typed quinn in search again and THIS TIME on the first page the e-mail was changed to noble's and when I refreshed app on the site, avi broke
http://priorixincantatem.jcink.net/index.php?showtopic=275
as presented

Now one of my mods also shared me a screenshot, asking me about the account issue. It seems like that one account's email is now visible for them as well.

https://cdn.discordapp.com/attachments/3711...297/unknown.png
InCausa - Today at 9:27 PM
every profile that was edited after flandre was added is messed up
okay so basically flan has an ooc acc that is actually her sub acc Getsu that has this avi that keeps showing all over the place. after they got accepted, all avis kept turning into that dude ashley included
and SOMEHOW for SOME reason crap was triggered in a way data kept duplicating. Recently after
I locked the thread with Benyamina in it as finished
and proceeded to add points in Admin cp
first on the list happened to be Derek
Ii tried to edit him and few other later on when I noticed something was off
then I got back to ALL profiles edited in any way after Flan added theirs and they all seemed to be affected with the same issue
it is just by chance Derek's details are all over the place. if I perhaps had raina first, I iamgine it would be hers


And then some member experiences:

Noctis the Devious - Today at 10:09 PM
Weird I went to edit my CP and it showed new infofmation from what it was originally displaying(edited)
Lyka Sayaxi - Today at 10:09 PM
idk if this detail helps with troubleshooting but in regards to the "avoid logging out in case you can't log back in", I think the system force logged me out by itself :"D
Noctis the Devious - Today at 10:09 PM
Logging in through your OOC account works
Day - Today at 10:09 PM
Did you try to log in again Lyka?
Noctis the Devious - Today at 10:09 PM
At least for me it does
Lyka Sayaxi - Today at 10:10 PM
yhe, and I guess i'm one of the victims who got their pass changed :"D
Day - Today at 10:10 PM
I've set it so I never log out so I wouldn't know
InCausa - Today at 10:10 PM
bloody hell

This post has been edited by Wicked: Feb 28 2018, 03:11 PM
PM
#
QUOTE
Otherwise, I'll keep you posted if anything comes up. I'll also tell you if the issue just somehow resolves itself so we can just smooth this one out and never know what happened to start it, exactly.
InCausa - Today at 9:20 PM
aaand there is an issue
Wicked - Today at 9:21 PM
Report to me, Lieutenant.(
InCausa - Today at 9:23 PM
okay so everything was fine. then I entered quinn into Admin cp to put them in hufflepuff. on the first page, e-mail was showing fine. Then I opened edit page and changed "member" to "Hufflepuff". Rest of details we had issues with showed there as well (duelling captain, password, natalie's details etc.) I clicked EDIT and after just to check, I typed quinn in search again and THIS TIME on the first page the e-mail was changed to noble's and when I refreshed app on the site, avi broke
http://priorixincantatem.jcink.net/index.php?showtopic=275
as presented


Right -- I see the issue just happened, again, today. Weird. This time the data clearly wasn't copied from Derek Hoffman either. Otherwise it would have taken some of the test data long with it.

I restored quinn's account data from the backup.

I then tried following that same path of editing their profile in Admin CP to put them in hufflepuff. Tried this a few times switching them in and out of the members group to see if I could get this to trigger and I couldn't. Really not sure what to make of this at all to be honest. If I had made some change to the code base recently that would have caused this it'd make sense but it hasn't been touched really.

No matter how many times I edit quinns account now, the issue doesn't occur. Try editing it now, does it occur?

signature
email: admin@jcink.com :: blog: John C.
#
Okay. Okay...

You can't trigger it. And I tried. I can't trigger it. So it got me turning to In Causa...

And I told her to poke it while I was watching. She simply moved Quinn from Hufflepuff to Member group.

And immediately the profile broke.

So it's something with her staff account, I think. She's been editing all these accounts in the past couple of days when thing started happening. All the accounts that have the errors have been edited by her.

I tested editing accounts myself, and nothing happens. I kind of want her to poke unaffected accounts more to confirm this, but at the same time, I just want her to NOT TOUCH ANYTHING. Because whatever it is, she's spreading it through admin CP edits.

I don't understand what this could be and why. I keep asking her if she remembers anything out of the ordinary when these errors started, but she can't say there was anything that stood out for her.

Just a moment, we're testing around her account. I updated one of her sub-accounts into admin and watched her edit something again. Same broken result.

She's made a wholly new account (under different email also, named it Herp-A-Derp) that I updated into admin, and she tried the same thing. Simply moving a member group which has triggered the result... and it happened again. So it's something with her. We don't know what. We don't know why.

This post has been edited by Wicked: Feb 28 2018, 06:04 PM
PM
#
Whatever it is, it shouldn't be happening. Our system shouldn't be allowing this to happen. At least though we have leveled down what's going on -- I think. You're not being hacked. Which is good. And I'm glad we have something repeatable since I can attach some logging to it.

This is so weird. Let me think about this and get back to you.

Curious -- what's her browser?

signature
email: admin@jcink.com :: blog: John C.
#
We tested these same things with different browsers. She was using Google Chrome. She tried Mozilla Firefox next.

And then nothing happened! I told her to test both with In Causa and Herp-A-Derp accounts. Neither of them triggered it.

So the combination to the triggered effect is when she's using her accounts through Google Chrome. What's up with that???
PM
#
QUOTE (Wicked @ Feb 28 2018, 07:22 PM)
We tested these same things with different browsers. She was using Google Chrome. She tried Mozilla Firefox next.

And then nothing happened! I told her to test both with In Causa and Herp-A-Derp accounts. Neither of them triggered it.

So the combination to the triggered effect is when she's using her accounts through Google Chrome. What's up with that???


I will implement some logging on the member edit page and get back to you. I'll try to find out what's going on.

signature
email: admin@jcink.com :: blog: John C.
#
Thanks, John.

Me and In Causa are withdrawing for tonight, however. We're in East-European time zone and it's getting 2 AM for us, so we'll see more about this tomorrow when we've got time. In Causa said she'll be fixing the profiles through Mozilla tomorrow until you know what's going on, and what we can/should do about it.
PM
#
I've attached a logger to the member edit form. Please have her try to edit someone via Admin CP so I can check the results.

signature
email: admin@jcink.com :: blog: John C.
#
I told her to try it out on the Google Chrome again (she's been using Mozilla all day) and it still gives the same broken result. She edited Felix Butler (one of her own accounts) for that, breaks still the same way as everything else did yesterday before switching browsers.

We're currently fixing everything manually and trying to reach the current users who can't log into their accounts anymore through Discord. We told the people to halt whatever they're doing in case they might lose their posts for bringing stuff back from backups just in case. Do you think I can give them the go start doing things again normally?

Also, she sends this.

InCausa - Today at 10:09 PM
okay I'll check my extensions too after I finish this so will let you guys know if I find anything there creating issues. This seems like auto fill but how it got here, no idea

This post has been edited by Wicked: Mar 1 2018, 03:16 PM
PM
0 User(s) are reading this topic (0 Guests and 0 Anonymous Users)
0 Members:
Share this topic:
« Next Oldest | Bug Reports | Next Newest »

OptionsPages: (2) 1 2  Add ReplyNew TopicNew Poll