Get XOOPS XOOPSXOOPS FAQFAQ ForumsForums NewsNews ThemesThemes ModulesModules
New Posts New Topics All Posts All Forums Index General Modules Themes Development International XOOPS.org

Search


Advanced Search

Donat-O-Meter

Make donations with PayPal!
Stats
Goal: $100.00
Due Date: May 31
Gross Amount: $65.00
Net Balance: $61.80
Left to go: $38.20
Donations
studioC  ($25)May-17
Anonymous ($15)May-16
Anonymous ($25)May-4

Learn XOOPS Core

Click to see original Image in a new window
OOP with XOOPS

XOOPS API
XOOPS Blue Move XOOPS Giftshop XOOPS Blue Move
Share


Local Support

Advertisement

XOOPS Code hosted on SourceForge

Cumulus Tag Cloud

2 2.5 2.5.5 2.6 3.0 2013 Abuse alimento AntiHarvesting AntiMalUser AntiSpam API Beats billige black block Blocking Blocks blue Bytes Captcha cell Christmas chronolabs content Conversion demo Dictionary docek download Dresses editor Elastic evden eve facebook floor forms framework free herre Honeypot Human Hymn instant-zero IP jQuery kantor lamps Load log logger mobile module modules Monster MyAlbum-p nakliyat newbb news online PageRank Party Permissions pink Plugin pollos portal Prevention profile project Protector publisher REST Rights rmcommon Room sale security Server site Smarty Spam SQL stem Studio tag tags tdmcreate Theme themes Transaction userlog website Whitepaper Wishcraft XFriendica xoops Xortify ZendFramework
more...

New Users

Registering user

# 136034

kennabee

Welcome to XOOPS!

Forum Index

Board index » General XOOPS.org forums » XOOPS Project Teams » XOOPS Support Team » Why one user can edit another user's profile?




Bottom   Previous Topic   Next Topic  Register To Post

(1) 2 »


#1 Posted on: 2009/11/26 5:48 Why one user can edit another user's profile?

When user (John) logs in and goes to Profile » Edit Profile he is given detail of (Peter) to edit. This is a serious blander that has led me to take down my site.

I need someone from the XOOPS to give details and see whats wrong. The site cannot run like this, its a breach of users privacy and a massive mess.

XOOPS Version - XOOPS 2.4.1
PHP Version - 5.2.9
MySQL Version - 5.1.30
Server API Version - cgi-fcgi
OS Version - Linux

Module-Profile


Top

bumpeboy
Friend of XOOPS
Friend of XOOPS
Joined:
2008/10/4 10:18
From London UK
Group:
Registered Users
Posts: 154
(Show More) (Show Less)


#2 Posted on: 2009/11/26 6:33 Re: Why one user can edit another user's profile?
are you sure you set up profile module permissions correct?

Top

deka87
Friend of XOOPS
Friend of XOOPS
Joined:
2007/10/5 13:50
From Russia
Group:
Registered Users
Posts: 1107
(Show More) (Show Less)


#3 Posted on: 2009/11/26 6:50 Re: Why one user can edit another user's profile?
Probably you have given module admin rights for the profile module to registered users. Module access right will do for anonymous and registered users.

Top

ghia
Community Support Member
Community Support Member
Joined:
2008/7/3 14:19
From Belgium
Group:
Registered Users
Posts: 4946
(Show More) (Show Less)


#4 Posted on: 2009/11/26 7:16 Re: Why one user can edit another user's profile?
Quote:

deka87 wrote:
are you sure you set up profile module permissions correct?

There is no such permission. Am sure with the permission its okay.

Top

bumpeboy
Friend of XOOPS
Friend of XOOPS
Joined:
2008/10/4 10:18
From London UK
Group:
Registered Users
Posts: 154
(Show More) (Show Less)


#5 Posted on: 2009/11/26 7:22 Re: Why one user can edit another user's profile?
Quote:

ghia wrote:
Probably you have given module admin rights for the profile module to registered users. Module access right will do for anonymous and registered users.


I cant make such a mistake, anyway i have doubled checked the admin permission is only on Admin.






Top

bumpeboy
Friend of XOOPS
Friend of XOOPS
Joined:
2008/10/4 10:18
From London UK
Group:
Registered Users
Posts: 154
(Show More) (Show Less)


#6 Posted on: 2009/11/26 7:30 Re: Why one user can edit another user's profile?
Let me repeat again.

When user (John) logs in and goes to his Profile he see his correct details as below

modules/profile/userinfo.php

Profile » User profile

John john@email.com

But when he clicks edit profile.

Profile » Edit Profile

He gets this

Basic Information

Username
Peter
Email
peter@email.com


So John cant edit his own account but he can edit peters.

I have checked with another user.

Sandra logs in as Sandra goes to edit account and she get

Basic Information

Username
Peter
Email
peter@email.com


Whats with this peters account it appearing on anyone who wants to edit there account.

Top

bumpeboy
Friend of XOOPS
Friend of XOOPS
Joined:
2008/10/4 10:18
From London UK
Group:
Registered Users
Posts: 154
(Show More) (Show Less)


#7 Posted on: 2009/11/26 7:46 Re: Why one user can edit another user's profile?
Could it be cache problem? Do you have cache set for profile module?

Top

trabis
Core Developer
Core Developer
Joined:
2006/9/1 13:10
From Portugal
Group:
Registered Users
Webmaster
Posts: 2198
(Show More) (Show Less)


#8 Posted on: 2009/11/26 7:50 Re: Why one user can edit another user's profile?
Is there the same mixup when they edit their avatar or going to their Private messages (from within profile view)?

Top

ghia
Community Support Member
Community Support Member
Joined:
2008/7/3 14:19
From Belgium
Group:
Registered Users
Posts: 4946
(Show More) (Show Less)


#9 Posted on: 2009/11/26 8:12 Re: Why one user can edit another user's profile?
Quote:

trabis wrote:
Could it be cache problem? Do you have cache set for profile module?


Yes, that was the problem, i have removed the 1 week cache and now it works fine.
Thanks

What can i do to save user login details for easy access eg for a week? I dont want a situation where a user has to type username an password all the time.

Top

bumpeboy
Friend of XOOPS
Friend of XOOPS
Joined:
2008/10/4 10:18
From London UK
Group:
Registered Users
Posts: 154
(Show More) (Show Less)


#10 Posted on: 2009/11/26 12:38 Re: Why one user can edit another user's profile?
Sorry there, thats not what i ment, I simply forgot the words (my login) and now i see the absence of those two words changed what i ment. Here is what i ment including the missing words.

Quote:
I need someone from the XOOPS to give my login details and see whats wrong. The site cannot run like this, its a breach of users privacy and a massive mess.


Grammar: someone from the XOOPS to give details and see whats wrong. Doesnt make sense.

I was not blaming xoops, i wanted to say that i can only trust someone from XOOPS with my login details.

MY APOLOGIES.

Top

bumpeboy
Friend of XOOPS
Friend of XOOPS
Joined:
2008/10/4 10:18
From London UK
Group:
Registered Users
Posts: 154
(Show More) (Show Less)



Board index » General XOOPS.org forums » XOOPS Project Teams » XOOPS Support Team » Why one user can edit another user's profile?

Top   Previous Topic   Next Topic
(1) 2 »

  Register To Post


You can view topic.
You cannot start a new topic.
You cannot reply to posts.
You cannot edit your posts.
You cannot delete your posts.
You cannot add new polls.
You cannot vote in polls.
You cannot attach files to posts.
You cannot post without approval.
You cannot use topic type.
You cannot use HTML syntax.
You cannot use signature.

[Advanced Search]