21
trabis
Re: trabis account has been hacked
  • 2008/9/5 8:58

  • trabis

  • Core Developer

  • Posts: 2269

  • Since: 2006/9/1 1


Quote:

ghia_ wrote:
Quote:
This is happening in preferences->mail to.
Could you specify what happens there?
Quote:
The only way I can partially solve this is using javascript as in this article:
Are you now saying that this is a browser problem? I find it hard to believe that. I could imagine that some nifty auto complete browser settings would fill in some fields, but not that fields (from different naming) get mixed.


In preference mail it replaces password and login, it will happen in all password fields (using google chrome).

I try to move fields upside down, removed all fields in admin user form.... whatever order or field I left in, as long as the password field is there, the browser will auto complete (does not have to be the interest field). I even try to rename name forms, name of fields, etc.

Strange is, the same form is used for edituser in front page where no problem occurs. Maybe some file that is loaded only in admin area is causing the problem. I though it was some admin javascript problem but I disable all javascript files and the problem persists.

I cannot find the problem, I gave up (spent 4 hours around this). Maybe this is a chrome bug, a firefox plugin bug, can´t tell.

More, I try this in all XOOPS versions since 2.0.13. Happens in all of them.

AHhh, one more thing. If you edit the source code you will see that no info is in the form. It is the browser or javascript that complete the fields. Is not a php problem.

22
ghia
Re: trabis account has been hacked
  • 2008/9/5 9:41

  • ghia

  • Community Support Member

  • Posts: 4953

  • Since: 2008/7/3 1


OK, that's definitly a browser problem and has nothing to do with the problem of the admin name in the interests field.
In FF3 you can erase saved passwords in tools - options - security - saved passwords or erase various stored data with tools clear private data.

23
trabis
Re: trabis account has been hacked
  • 2008/9/5 10:02

  • trabis

  • Core Developer

  • Posts: 2269

  • Since: 2006/9/1 1


OKthat's definitly a browser problem and has nothing to do with the problem of the admin name in the interests field.


I would say that is a browser problem and has everything to do with the login name in the interest field.

24
ghia
Re: trabis account has been hacked
  • 2008/9/5 11:51

  • ghia

  • Community Support Member

  • Posts: 4953

  • Since: 2008/7/3 1


Can you simulate it?
By analyzing the traffic between browser and server with a communications analyzer eg WireShark or a proxy, it could be ruled out definitly, where the problem comes from.

If you start with an empty field in the database and in your form appears a name in the interest field, then you could see in the communication if that name was present (error by XOOPS) or not (browser problem).

If the problem starts by posting an empty interests field and suddenly there is a name in the database, then the presence of the name in the communication would tell if it is a XOOPS (not present) or a browser problem (present).

For the last case you could also use the Live HTTP headers plugin in FF3.

25
Daethian
Re: trabis account has been hacked
  • 2008/9/9 0:28

  • Daethian

  • Quite a regular

  • Posts: 305

  • Since: 2005/3/4 1


It has to be FF3.

Today at work a user emailed about a password issue. Another admin had edited her user account but I wanted to view the account myself to be sure everything looked ok. While in there I noticed that the other admins name was in the interest field so I deleted it. This admin upgraded to FF3 last night and today she noticed her name in the Interest field and flipped out.

I just read the posts here and decided to view this user again in IE 7 and FF3.

I opened the same user in IE7 and there is nothing in the Interest field.

I immediately opened the same user in FF3 and my name is in the Interest field.
hhttp://www.artfire.com/daethian
My Artfire store- Vintage Jewelry and New Bead Jewelry

26
Marco
Re: trabis account has been hacked
  • 2008/10/3 16:10

  • Marco

  • Home away from home

  • Posts: 1256

  • Since: 2004/3/15


guys, i can't replicate, is it a google chrome issue or not?
reading the daethian post, it seems it is not a browser issue.
weird
how do you edit the profile? from admin or from user block, from ext profile admin? with or without ext profile activated?
please explain me !
Do synergy or die.

27
Daethian
Re: trabis account has been hacked
  • 2008/10/3 16:53

  • Daethian

  • Quite a regular

  • Posts: 305

  • Since: 2005/3/4 1


You don't think it is the browser? I thought for sure it is Firefox 3 causing the problem.

It's happening with the email field now that I updated to XOOPS 2.3

I normally edit from the System admin area. I don't know about extended profiles. Are they on by default?

I only have Firefox 3 on my laptop at home so I will have to test the email issue this weekend and get back to you in.
hhttp://www.artfire.com/daethian
My Artfire store- Vintage Jewelry and New Bead Jewelry

28
Marco
Re: trabis account has been hacked
  • 2008/10/3 17:19

  • Marco

  • Home away from home

  • Posts: 1256

  • Since: 2004/3/15


hum, i personally make use of FF3.0.3 and i don't have this problem. weird... !
Do synergy or die.

29
Marco
Re: trabis account has been hacked
  • 2008/10/4 9:48

  • Marco

  • Home away from home

  • Posts: 1256

  • Since: 2004/3/15


fyi, some fixes have been made in up to come 2.3.1. please confirm during RC stage that it is correct now
Do synergy or die.

30
trabis
Re: trabis account has been hacked
  • 2008/10/4 19:13

  • trabis

  • Core Developer

  • Posts: 2269

  • Since: 2006/9/1 1


Problem solved in 2.3.1 with the addition of autocomplete=off in class/xoopsform/formpassword.php

Thank you for solving this!

Login

Who's Online

390 user(s) are online (282 user(s) are browsing Support Forums)


Members: 0


Guests: 390


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits