I've recently installed a SMF forum on my site. It's the current version, as installed by Fantastico through the TCH cPanel.<br /><br />It's been working ok until yesterday when one user was inadvertently posting using another poster's ID. The IP addresses linked back to the right person but the name on the post did not.<br /><br />These two posters are not posting from the same computer, and neither of them know how it happened either.<br /><br />Any ideas?<!--content-->
This might be a good question for the SMF forums. They have a broader user base and you might find somebody there who has encountered this problem.<br /><br />They will probably be better equipped to troubleshoot this type of problem as well.<br /><br />Good luck!<br /><br /><i>http://www.simplemachines.org/community/index.php</i><!--content-->
I agree with Paul that the SMF forum may be a better place to ask but I have some questions.<br /><br />How did the user login under someone else's ID? Why do they know the other person's password? Allowing people to masquarade as someone else on any forum is not a good idea.<br /><br />Second, I'm not sure I understand if there is a problem. For the post in question who's IP number was recorded? The actual user that made the post? That is how I would expect it to work. And for the name attached to the post it should have been the name they were logged in as, whether or not that name is associated to a particular IP address is immaterial.<br /><br />I access this board from two different IP addresses and both are recorded as I post with the name I am logged in under as it should be.<!--content-->
I tried the SMF forum, but got no answers. This forum is so helpful, I thought I'd take a shot at someone here having experience with it.<br /><br /><!--quoteo(post=199266:date=Jan 25 2007, 12:27 PM:name=TCH-Bruce)--><div class='quotetop'>QUOTE(TCH-Bruce @ Jan 25 2007, 12:27 PM) <a href="http://www.totalchoicehosting.com/forums/index.php?act=findpost&pid=199266"><img src='http://www.totalchoicehosting.com/forums/style_images/1/post_snapback.gif' alt='*' border='0' /></a></div><div class='quotemain'><!--quotec-->How did the user login under someone else's ID? Why do they know the other person's password? Allowing people to masquarade as someone else on any forum is not a good idea.<!--QuoteEnd--></div><!--QuoteEEnd--><br /><br />The user didn't log in under someone else's ID. That's the problem. He didn't know the other user's login information. There was nothing on his end that would indicate that he would (or even COULD) post under the other user's name. He was just as surprised as anyone that when it posted, that it was under another user's name.<br /><br />The actual user's IP address was recorded in the errant posts.<br /><br />Thank you for any insight you have!<!--content-->
It sounds like you may have some database corruption. I would rebuild the database.<!--content-->
Or possibly the first user sent the second user a link with their sessionid in it. Bad coding if that is what happened and highly unlikely with SMF.<!--content-->
How close are the usernames/passwords? Are you allowing the lowest grade password (4 digit) instead of boosting it up a notch? <br /><br />Within SMF, you can do a repair on the databases. I would try that. Maybe your indexes have gotten out of sync.<!--content-->
This might be a good question for the SMF forums. They have a broader user base and you might find somebody there who has encountered this problem.<br /><br />They will probably be better equipped to troubleshoot this type of problem as well.<br /><br />Good luck!<br /><br /><i>http://www.simplemachines.org/community/index.php</i><!--content-->
I agree with Paul that the SMF forum may be a better place to ask but I have some questions.<br /><br />How did the user login under someone else's ID? Why do they know the other person's password? Allowing people to masquarade as someone else on any forum is not a good idea.<br /><br />Second, I'm not sure I understand if there is a problem. For the post in question who's IP number was recorded? The actual user that made the post? That is how I would expect it to work. And for the name attached to the post it should have been the name they were logged in as, whether or not that name is associated to a particular IP address is immaterial.<br /><br />I access this board from two different IP addresses and both are recorded as I post with the name I am logged in under as it should be.<!--content-->
I tried the SMF forum, but got no answers. This forum is so helpful, I thought I'd take a shot at someone here having experience with it.<br /><br /><!--quoteo(post=199266:date=Jan 25 2007, 12:27 PM:name=TCH-Bruce)--><div class='quotetop'>QUOTE(TCH-Bruce @ Jan 25 2007, 12:27 PM) <a href="http://www.totalchoicehosting.com/forums/index.php?act=findpost&pid=199266"><img src='http://www.totalchoicehosting.com/forums/style_images/1/post_snapback.gif' alt='*' border='0' /></a></div><div class='quotemain'><!--quotec-->How did the user login under someone else's ID? Why do they know the other person's password? Allowing people to masquarade as someone else on any forum is not a good idea.<!--QuoteEnd--></div><!--QuoteEEnd--><br /><br />The user didn't log in under someone else's ID. That's the problem. He didn't know the other user's login information. There was nothing on his end that would indicate that he would (or even COULD) post under the other user's name. He was just as surprised as anyone that when it posted, that it was under another user's name.<br /><br />The actual user's IP address was recorded in the errant posts.<br /><br />Thank you for any insight you have!<!--content-->
It sounds like you may have some database corruption. I would rebuild the database.<!--content-->
Or possibly the first user sent the second user a link with their sessionid in it. Bad coding if that is what happened and highly unlikely with SMF.<!--content-->
How close are the usernames/passwords? Are you allowing the lowest grade password (4 digit) instead of boosting it up a notch? <br /><br />Within SMF, you can do a repair on the databases. I would try that. Maybe your indexes have gotten out of sync.<!--content-->