21
ReCkage
Re: Session ID Generation
  • 2004/6/16 12:13

  • ReCkage

  • Just popping in

  • Posts: 39

  • Since: 2004/5/24


bump



22
ReCkage
Re: Security Problem
  • 2004/6/11 13:36



No, all caching is turned off.

Though when we turned on debugging, we noticed that every user ends up with the exact same Session ID. Anyone know why this would be happening?



23
ReCkage
Session ID Generation
  • 2004/6/10 14:46



We have found a weird issue with a site we have created. Every user receives the same session ID; is this the way XOOPS is designed? In our case users become other users randomly, and we believe it is due to the fact that everyone is receiving the same session ID.



24
ReCkage
Re: Security Problem
  • 2004/6/5 18:55



One more problem just found.

We have multiple people in the webmasters group, but now I am not able to delete them from that group.



25
ReCkage
Re: Security Problem
  • 2004/6/5 18:45



?



26
ReCkage
Re: Security Problem
  • 2004/6/5 4:09



OK, some bad news: after a few days of extensive testing, the problem is happening again. This is a major issue; my group has put 2 solid months into creating this portal for a school and it goes into production in 2 weeks. Does anyone have any ideas?



27
ReCkage
Re: Registration/Membership Management Question
  • 2004/6/1 20:18



I had someone create a feature where the user places themselves in a group during registration. It asks the user what group they belong to and places them in it.

Keep looking in the hacks for the next few days; I will get them to also write up how to edit and add features to the registration menu.



28
ReCkage
Re: Security Problem
  • 2004/6/1 2:14



At first we also thought that it must be something on the network. But we found that this happened within the school network, and it happened at corporate networks, on DSL connections, and on cable connections. So we ruled out any network problems. From looking at the database we realized that everything is controlled by a group ID and user ID, but to have people moving from one to another, we didn't see anything wrong with the database. What got us stumped was, if it was an isolated incident, why did it also happen on the test site?

Here are the stats of the server.

Operating system Linux
Kernel version 2.4.20-24.9
Apache version 1.3.29 (Unix)
PERL version 5.8.1
PHP version 4.3.4
MySQL version 4.0.18-standard



29
ReCkage
Re: Security Problem
  • 2004/6/1 0:22



Well, it was tried on the same server, but with a different database and a fresh install, and the problem happened. We do all our edits on a test site, and then move them to the main site. And this problem happened on the test site.

It could be as simple as a bad upload of the original site, but I would say this should be something to look into, since it basically gave any user the ability to become someone else and even become administrators. The only good thing was that it changed users so often a regular user never had a chance to mess with the admin panel, though it made for some interesting PMs since people thought they were themselves and would PM others but it would end up coming from another user. The hack fixed it, but this could be a very large security hole if it's not as simple as a bad uploaded file.



30
ReCkage
Re: Security Problem
  • 2004/5/31 17:15



Some good news to report. This is not on the main site, but on our testing site: we implemented the mailuserhack in the hack downloads, and the problem went away. So somewhere in the original XOOPS core files root/modules/system/admin/mailform.php or mailusers.php there is a problem.



