PM's go to wrong user

Started by Storman™, July 12, 2009, 04:51:23 PM

Previous topic - Next topic

Storman™

Hi

A few members on my 1.1.9 forum have reported that their PM's had gone to the wrong users. At first I thought they had simply made a mistake but then a pattern emerged.

In each case they were replying to a PM.

Looking through the data within phpMyAdmin I could see that the PM's had indeed gone to the recipients that the users said they had but there was nothing else untoward. No error messages etc.

Here's an example of what I think is happening, lets say that:

Member "A" replies to Member "B" but the PM goes to Member "C"

I noticed that the user ID of Member "B" was 1224 and Member "C" was 122

The same thing was reported by another member and in this instance the user ID of the intended recipient Member "B" was 975 and the actual recipient was Member "C" whose user ID was 97

Hope I haven't baffled you but in each instance it appears the last digit was removed from the intended recipients ID and consequently it ended up going to someone else.

It certainly isn't a global issue and I'm not sure yet whether it only happens with certain replies (not new PM's).

I can't see this anywhere else on the forum so I wondered if anyone has any ideas ?

Any info/advice appreciated  ;)


Norv

Please post as attachments your files /Themes/your_theme/PersonalMessage.template.php, /Themes/default/PersonalMessage.template.php and /Sources/PersonalMessage.php.
To-do lists are for deferral. The more things you write down the later they're done... until you have 100s of lists of things you don't do.

File a security report | Developers' Blog | Bug Tracker


Also known as Norv on D* | Norv N. on G+ | Norv on Github

Storman™

Many thanks for your quick response.

Files attached, but my theme does not have a PersonalMessage.template.php so I assume it's using the default file ?

Norv

What mods do you have installed?
To-do lists are for deferral. The more things you write down the later they're done... until you have 100s of lists of things you don't do.

File a security report | Developers' Blog | Bug Tracker


Also known as Norv on D* | Norv N. on G+ | Norv on Github

Storman™

1.   RSS Feed Icon    1.1
2.   Aeva ~ Auto-Embed Video & Audio

Norv

I see nothing wrong with the files at first sight (but I'm tired, will check again tomorrow), however, since the two mods don't edit anything in these files, please consider to upload fresh copies of both from the installation package for 1.1.9, replacing your files. (the two files attached).
Please let us know if it eventually helps.
To-do lists are for deferral. The more things you write down the later they're done... until you have 100s of lists of things you don't do.

File a security report | Developers' Blog | Bug Tracker


Also known as Norv on D* | Norv N. on G+ | Norv on Github

Storman™

Just downloaded another copy of the 1.1.9 full package and compared PersonalMessage.template.php and PersonalMessage.php with my copy using WinMerge, and they were identical with no variations.

Uploaded new copies to my forum anyway but don't think there's a file discrepancy issue.

;)

Norv

Do you have a .htaccess file in your forum directory?

How many times did it happen, to how many users, are there any possible commonalities between them?
To-do lists are for deferral. The more things you write down the later they're done... until you have 100s of lists of things you don't do.

File a security report | Developers' Blog | Bug Tracker


Also known as Norv on D* | Norv N. on G+ | Norv on Github

SleePy

Can you confirm if you have a pm sent to you, that replying to it does the same thing?

Does the url that you reply to appear to be broken? or is it only after you click it that it doesn't find the right member?
Jeremy D ~ Site Team / SMF Developer ~ GitHub Profile ~ Join us on IRC @ Libera.chat/#smf ~ Support the SMF Support team!

Storman™

Well I've just tried this with a test account but my userid=1 and the other account was userid=7 so that might not have been a good test.

It worked fine by the way and the url looked OK and not broken.

I'll create some new test accounts which will have four figure userid's and try that then feedback tomorrow.

Incidently, I have a feeling that the members who reported this are using IE8 and I wondered if some sort of auto-complete was happening in the url or something similar ?? Just a hunch ??

Storman™

QuoteDo you have a .htaccess file in your forum directory?

Yes

QuoteHow many times did it happen, to how many users, are there any possible commonalities between them?

So far three members have reported this and in each case the actual recipient userid number appears to be as per my first post e.g.

sent to user 1224, but user 122 receives it


QuoteCan you confirm if you have a pm sent to you, that replying to it does the same thing?

My replies to PM's seem Ok. They are reaching the correct recipient.

QuoteDoes the url that you reply to appear to be broken? or is it only after you click it that it doesn't find the right member?

Please note that PM's work fine for me even when tried with several test accounts.

Consequently, this is not a problem for all users, it only appears to be affecting a few people.

Norv

Quote from: Storman on July 12, 2009, 06:30:24 PM
Well I've just tried this with a test account but my userid=1 and the other account was userid=7 so that might not have been a good test.

It worked fine by the way and the url looked OK and not broken.

I'll create some new test accounts which will have four figure userid's and try that then feedback tomorrow.
Yes, please do. Not sure what to say at this point, but if you can replicate the problem in some way it will help.
To-do lists are for deferral. The more things you write down the later they're done... until you have 100s of lists of things you don't do.

File a security report | Developers' Blog | Bug Tracker


Also known as Norv on D* | Norv N. on G+ | Norv on Github

Storman™

Well I created several test accounts and tried "new" PM's and "replies" to PM's. In all instances they worked fine.

I think there is a genuine issue here but it obviously does not affect everyone.

To be honest until I get more members complaining to backup my observations then I'm at a loss of how to proceed further. It's not a global issue but I'm certain something is amiss at times. Re-creating it though is difficult.

I think I'll just have to keep an idea on the situation for now and feedback should more members get affected.

At least this thread is now on the SMF site so should anyone have the same issue then at least it's recorded.

Aleksi "Lex" Kilpinen

Any updates on this? Have you been able to recreate the issue for yourself?
Slava
Ukraini!
"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum. Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

How you can help SMF

Ibiza MF

I have the same problem on 1.1.11
It appeared out of nowhere, as I don't have any mods, and there was no updates for long time, just moved files and database to new server, but I'm not sure that it's a problem because it did not appear immediately after it.

It's very difficult to find any patter, but  I (ID: 47 ) have received few PM from member 11184 with other member names in "To:" field, recipient IDs where 4528, 9257 and they didn't received that messages.

Also, one member just complained that there is wrong sender user name in email notifications from specific sender. Displayed nick is from user 14237, but user 783 sent that PM. User names are completely different.


kat

Just a hunch.


Have you tried repairing the database?

Ibiza MF

Yes... and I didn't receive other user's PM again until now, but it was very rare occasion earlier too.
Just received PM From 11185 Intended to 2108 - both very old users so fields in DB should not be mixed up...

kat

That's odd, because going to Admin>Forum maintenance>repair errors usually fixes those kinds of problems.

Is that what you did?

Advertisement: