[not a bug ?] AdminCP User edit overwrites self admin record


Jet
Fri 18th Jan '02, 8:23am
Hi. I found a problem that often forces me to restore my own row in the user table in the DB !!! :(

When I - admin - in the adminCP edit some user status sometimes (I can't determine exactly when, but think if I leave the page there too long and session expires... I guess) when I apply some update and press the 'save' button, the userid updated is MINE!!!, not the displayed user one !?!?!?
:confused:

Just for debugging, I put in admin/user.php an
echo "<p>Updating UserID: $userid ... </p>";
just after
if ($HTTP_POST_VARS['action']=="doupdate") {

and actually saw 'updating userid 1' .... instead - for example - 751 and so on... !!!

?!?!?

Note: just for now, to avoid it I put in a check which denies self-editing of data for an admin.
But I don't think it should be the best solution!!!

:)

Thanks a lot.

eva2000
Fri 18th Jan '02, 8:29am
what version of vB are you running ?

Jet
Fri 18th Jan '02, 10:55am
Forgot... sorry.

v2.2.1 with some hacks....
Everyone affecting user.php checked again and again... ;)

Thanks

eva2000
Fri 18th Jan '02, 11:30am
moved to bugs forum for verifying :)

John
Fri 18th Jan '02, 12:10pm
What hacks have you got installed? I've looked at the code and can see no problems.

John

Jet
Fri 18th Jan '02, 1:30pm
I installed +20 but almost none involved admin/user.php ....
I can actually say it's the original version file...

Now I put this debug code to avoid the problem (I should reup at least five times in two weeks the row of my user into table with a
REPLACE INTO user VALUES.... )


//HACK: bugfix wrong user record editing

echo "<p>Admin <a href=\"user.php?s=$session[sessionhash]&action=edit&userid=$bbuserinfo[userid]\">$bbuserinfo[username]</a> (id: $bbuserinfo[userid]) is trying to update";
if ($bbuserinfo['userid']!=$userid)
    echo " userid: $userid ... </p>";
else
    echo " himself ...</p>";

if ($bbuserinfo['userid']==$userid ) {
    echo "<p><b>Bug: Admin (self) editing branch !!!<br><br> --> NOT ALLOWED ... :-)</b></p><br>";
    echo makelinkcode("Find another user","user.php?action=modify&s=$session[sessionhash]");
} else {
//HACK: bugfix wrong user record editing

just before // check that not removing last admin

... and close the '}' before lines :}

// ###################### Start Edit Access #######################

That's my temporary solution... ;)
Of course, this way an Admin couldn't edit its own data, but ....

:p

Unfortunately I can't manage to recreate the event at will, but as I said it seems absolutely random.
Neither seems to be a session expiration, as I lasted the edit page for more than an hour and, when submitted, I saw the right data in my debug code...

Thanks for any help.


P.S.: could it be a structural problem of multipage browser (IE 5.5) and session mixing ? Often I use more pages (open AdminCP bodies-only on new windows)... If one of them for example would be opened on a page with another $userid value ? (mine, for instance... :mad: )

John
Fri 18th Jan '02, 3:51pm
Do any of your hacks involve functions, sessions, global, adminfunctions scripts?

Other windows should not affect things, unless you had another app on your domain that set a userid cookie?

John
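
[Added example, not part of the thread and not vBulletin code.] John's cookie scenario, sketched under the assumption that PHP imports request variables into one namespace in GET, POST, cookie order (as register_globals did), beside a read that takes the target id only from the submitted form. The function names and the sample request are hypothetical, and the thread does not establish this as the cause.

```php
<?php
// Added illustration; not vBulletin code. Function names are hypothetical.

// Simulate a register_globals-style import: sources are merged in the given
// order (e.g. "GPC"), and a later source overwrites an earlier one.
function import_request(string $order, array $get, array $post, array $cookie): array
{
    $sources = ['G' => $get, 'P' => $post, 'C' => $cookie];
    $vars = [];
    foreach (str_split($order) as $letter) {
        $vars = array_replace($vars, $sources[$letter] ?? []);
    }
    return $vars;
}

// Hardened read: take the target id only from the submitted form and accept
// nothing but a positive decimal integer; null means "reject the request".
function target_userid_from_post(array $post): ?int
{
    $raw = $post['userid'] ?? null;
    if (!is_string($raw) || preg_match('/^[1-9][0-9]*$/', $raw) !== 1) {
        return null;
    }
    return (int) $raw;
}

// Constructed sample request: the admin saves the edit form for user 751
// while a cookie named "userid" carrying the admin's own id (1) is also sent.
$get    = [];
$post   = ['action' => 'doupdate', 'userid' => '751'];
$cookie = ['userid' => '1'];

$merged   = import_request('GPC', $get, $post, $cookie);
$explicit = target_userid_from_post($post);

echo "userid after merged import: {$merged['userid']}\n";
echo "userid read from POST only: " . var_export($explicit, true) . "\n";

// A mismatch between the two is the condition worth refusing and logging.
if ($explicit === null || (string) $explicit !== (string) $merged['userid']) {
    echo "refuse update: target id is ambiguous or malformed\n";
}
```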

Jet
Fri 18th Jan '02, 6:40pm
Almost every hack affects one or more of the files you told !!!
;)

Do you want a complete list or need only the first ten ??? :D

John
Fri 18th Jan '02, 6:55pm
I just need to know if you can reproduce this problem on an unhacked board. Try http://www.vbulletin.com/admindemo.html for size.

John

Jet
Fri 18th Jan '02, 7:07pm
I know... :rolleyes:

My problem, as described, is actually I can't recreate the problem each time.... I encountered this 'phenomenon' about 6-8 times in the past month, and I'm trying to follow the hacking history...


Hwr, I got wrong pw on your admin demo forum.
Thanks again.

Think by now I'll stay with my workaround and let you know if I could fix any new boundary parameter...
Meanwhile I read a minor release (2.2.2) will be out within January. Isn't it ?

If so, I shall reapply all the hacks, I fear... With that process I'll pay more attention to stress the edit feature hack by hack.

Thanks a lot for your support.

Bye