Jump to content
dev osCommerce
Forum
  • Checkout
  • Login
  • Contact Us
  • Get in touch

osCommerce

The e-commerce.

New Demo
Our Partners

Duplicate customers_id in address_book table!

mtbwacko

By mtbwacko
in General Support

Recommended Posts

mtbwacko

mtbwacko

Posted
Posted

New customers are seeing other addresses and credit card information when trying to check out. Reviewing the table shows that they are receiving the same customers_id in the address_book table as the customer prior to them, but they do not even have a record in the customers table.

 

We have tried many solutions, including deleting all customer and sales orders from admin and starting fresh. It is still happening, but never with every order, just every few orders with no apparent pattern. This is a MAJOR DISASTER for our online store and must be remedied as soon as possible. Can someone please help!

 

Due to the potential security issues that are at stake here, I cannot post the URL of this store.

 

Please help!

Guest

Guest

Posted
Posted

happens if the sessions or cookies aren't setup properly first double check the configure.php files and the paths.

 

catalog\includes\configure.php

catalog\admin\includes\configure.php

 

Also check the settings of the sessions in the osc admin panel

mtbwacko

mtbwacko

Posted
  • Author
Posted
happens if the sessions or cookies aren't setup properly first double check the configure.php files and the paths.

 

catalog\includes\configure.php

catalog\admin\includes\configure.php

 

Also check the settings of the sessions in the osc admin panel

 

 

Mark,

 

Thank you kindly for the reply. I checked the sessions setup in Admin and everything looks normal. MySql is handling the sessions as the site is on a shared server so there are no path issues that can affect this.

 

I also checked both configure.php files, but only the non-admin configure file has any cookie params. The only possible error there is the https cookie setting did not have two dots, as in ".domain.com" - it was set at "domain.com" - OSC web site states a minumum of two are required, so I changed it to ".domain.com" - the reason it is not set at www.domain.com is because the SSL certificate name does not have the www and I know these need to match.

 

The nature of this problem, being so incredibly sporadic, makes it very difficult to diagnose and remedy. Any light that can be shed is greatly appreciated. Thanks again for your assistance.

 

MTB

Guest

Guest

Posted
Posted

if the sessions are ok, perhaps there is a script or add-on you have that does not check the customers_id column when it updates the database tables. You could try placing the catalog on a local server and by placing orders see if you can replicate the issue. Also check the customers table see if the customers_id is still set to autoincrement.

mtbwacko

mtbwacko

Posted
  • Author
Posted

I've now tried every suggestion and the problem still exists. We just received yet another order with a mix of two addresses. The address_book table shows the last two entries having the SAME customers_id. How on earth is this happening?! The customers table is only assigning one ID, as it should, but somehow duplicate customers_id' s are appearing in the address_book table. I am at a complete loss here. Can anyone help with this?

 

This can turn into a paid job to a qualified person who can fix this for us.

Guest

Guest

Posted
Posted

Can you replicate it by placing test orders from different accounts?

mtbwacko

mtbwacko

Posted
  • Author
Posted
Can you replicate it by placing test orders from different accounts?

 

I've set up several test accounts trying to replicate the problem but all the orders I have made and accounts I have set up have never produced a problem. It only happens sporadically to an occassional customer and there appears to be no pattern emerging. This makes it very difficult to diagnose.

  • 2 years later...
Guest

Guest

Posted
Posted

I have this exact same problem. I am really eager to see what the solution will be.

Guest

Guest

Posted
Posted
Can you replicate it by placing test orders from different accounts?
Is there anyway that you could offer other suggestions as to what the problem might be other than the configure.php? I have not yet been able to duplicate the error, so I am baffled at how to find its source. Any suggestion about where to look would be wonderful. If you do not have the time, I understand.

 

Thanks in advance if you have the time.

 

I would open my own thread, but since I have the identical error (and the original thread poster seems to have abandoned this thread), I thought it might be best to keep any solutions in the same place. I apologize if this is threadjacking. :)

compuskill

compuskill

Posted
Posted

Hey guys,

 

I had the same problem some weeks ago, but meanwhile, it does not occur anymore. Maybe this helps you:

 

1) I had two shops on two different domains sharing the same database, so when people created their accounts at the same time, the customers and adress book id s got mixed up, I guess. Therefore, I have made a redirect for the login.php pointing at one shop installation only.

 

2) I have turned off caching

 

3) I don't know why, but I have seen on google that some links had been spidered with a session although I have that disabled in the configuration. I guess that that could also be the cause of the mixup.

 

I do not know what finally helped fixing the problem, but maybe you can check all the things. But if the problem exists in so many shop installations, it could also be a bug in the software itself...

 

Btw, I was not able to reproduce the error neither. It seemed to occur by chance. And: In my case, it had nothing to do with the configure.php

Guest

Guest

Posted
Posted
Hey guys,

 

I had the same problem some weeks ago, but meanwhile, it does not occur anymore. Maybe this helps you:

 

1) I had two shops on two different domains sharing the same database, so when people created their accounts at the same time, the customers and adress book id s got mixed up, I guess. Therefore, I have made a redirect for the login.php pointing at one shop installation only.

 

2) I have turned off caching

 

3) I don't know why, but I have seen on google that some links had been spidered with a session although I have that disabled in the configuration. I guess that that could also be the cause of the mixup.

 

I do not know what finally helped fixing the problem, but maybe you can check all the things. But if the problem exists in so many shop installations, it could also be a bug in the software itself...

 

Btw, I was not able to reproduce the error neither. It seemed to occur by chance. And: In my case, it had nothing to do with the configure.php

 

Wonderful. I'll look into these items too. I have already set up a completely new, virgin install and compared the configure.php files. They are identical, so if there is a problem with them, they come that way with the installation. I've been going over my DB and it looks like this problem has been happening the entire time. It is about every 30/40 new registrations (sometimes 20 and sometimes 50, so the pattern is hard to detect). I never noticed this issue before this past week. I am not that great with PHP, so I generally leave things alone. In other words, I do not have an over modded site or play around in the code. It also never occurred to me to go into PHPMyAdmin and check the customer_ID to see if there were duplicates. Since my shop is getting more popular now, I am starting to get complaints. People are starting to call me on the phone and scream at me. That's how I found out that there is a major security issue with my site. Customers are in rebellion. I sure hope this fluke is the only issue with my version of OSCommerce. We've reached number 1 with Google for our main keyword and I would hate to have to cancel this project do to an unsolvable problem.

 

Thanks again for a response. I'll post again if your information provided the clue I needed to resolve this error. :)

Guest

Guest

Posted
Posted
Hey guys,

 

1) I had two shops on two different domains sharing the same database, so when people created their accounts at the same time, the customers and adress book id s got mixed up, I guess. Therefore, I have made a redirect for the login.php pointing at one shop installation only.

 

This is not a problem. I only have one site using the database.

 

2) I have turned off caching

I checked this and the cache is set to false. So, that isn't it.

 

3) I don't know why, but I have seen on google that some links had been spidered with a session although I have that disabled in the configuration. I guess that that could also be the cause of the mixup.

I checked this and session spidering is also set to false.

 

I do not know what finally helped fixing the problem, but maybe you can check all the things. But if the problem exists in so many shop installations, it could also be a bug in the software itself...

 

Btw, I was not able to reproduce the error neither. It seemed to occur by chance. And: In my case, it had nothing to do with the configure.php

I have noticed something strange. Some users have multiple address_book entries, each with a different address_book_id, but with the identical customers_ids.

 

For example

 

address_book_id-----------customers_id--------entry_firstname---------entry_street_address

1190---------------------------------1190--------------------John Doe--------------------222 Amado Road

1191---------------------------------1190--------------------John Doe--------------------PO Box 215

 

Of these two entries, the first is the entry that is used if an order is placed. Though the second is still present in the database, it is ignored.

 

These entries always occur in pairs, as if the customer tried to update their information in the address book. When I try to do this, to recreate the error, my information is correctly updated and a second address_book_id is not created.

 

I could live with this fluke. The problem that is happening, is that sometimes the pairs are not from the same person.

 

The entries will look like this:

 

address_book_id-----------customers_id--------entry_firstname---------entry_street_address

2245---------------------------------2245--------------------John Doe -------------------123 Main Street

2246---------------------------------2245--------------------Jack Smith------------------PO Box 99

 

In this case, both John Doe and Jack Smith can log-in, but John Doe's information is being displayed in both accounts. Not only is the account information being displayed, the order history is also available to both customers.

 

I am still hunting for what could be causing this issue.

 

My current solution is to manually check the DB several times a day and correct any duplicate entries by hand. That's barely a solution at all.

compuskill

compuskill

Posted
Posted
This is not a problem. I only have one site using the database.

 

 

I checked this and the cache is set to false. So, that isn't it.

 

 

I checked this and session spidering is also set to false.

 

 

I have noticed something strange. Some users have multiple address_book entries, each with a different address_book_id, but with the identical customers_ids.

 

For example

 

address_book_id-----------customers_id--------entry_firstname---------entry_street_address

1190---------------------------------1190--------------------John Doe--------------------222 Amado Road

1191---------------------------------1190--------------------John Doe--------------------PO Box 215

 

Of these two entries, the first is the entry that is used if an order is placed. Though the second is still present in the database, it is ignored.

 

These entries always occur in pairs, as if the customer tried to update their information in the address book. When I try to do this, to recreate the error, my information is correctly updated and a second address_book_id is not created.

 

I could live with this fluke. The problem that is happening, is that sometimes the pairs are not from the same person.

 

The entries will look like this:

 

address_book_id-----------customers_id--------entry_firstname---------entry_street_address

2245---------------------------------2245--------------------John Doe -------------------123 Main Street

2246---------------------------------2245--------------------Jack Smith------------------PO Box 99

 

In this case, both John Doe and Jack Smith can log-in, but John Doe's information is being displayed in both accounts. Not only is the account information being displayed, the order history is also available to both customers.

 

I am still hunting for what could be causing this issue.

 

My current solution is to manually check the DB several times a day and correct any duplicate entries by hand. That's barely a solution at all.

 

Have you lately moved to another server? Problems started when our server was upgraded to PHP5 und MySQL5. Maybe there is an incompatibility somewhere?

Guest

Guest

Posted
Posted
Have you lately moved to another server? Problems started when our server was upgraded to PHP5 und MySQL5. Maybe there is an incompatibility somewhere?
No, the server is still using PHP4. I haven't moved the site either. During the entire life of this website, it has remained exactly where it is. No Changes at all.

 

I've been trying to duplicate the error, but I can't. I am creating accounts and updating the address book from within OSCommerce (like a customer would do) then deleting the account and creating a new account with the same information. I've tried to create and account, backspace after submission and create the account again. No error is produced. Every time it works flawlessly. Every time I do it, I get a unique user with sole access to the account: perfect, just like it should be. Yet, somehow there are people who have been assigned three and four address_book_ids with the exact same customers_id. Sometimes these multiple accounts have the same account information with only small variations. For example, in one account the name will be in lower case and in the other upper case or in one account they'll spell out drive and in the duplicate it will be abbreviated as Dr. or DR without the period. This is not always the case, however. Sometimes the account information is 100% identical.

 

I am totally baffled.

 

I really only have two mods added. I am using Lightbox and Ultra Pics. I have been going over threads in the support community that deal with these mods and I can not find any complaint that the modifications caused something like this to happen: sporadic duplication of some customers_ids causing one user to get the preceding user's account information.

 

Talk about Ghost in the Machine.

 

Thanks again for your suggestion. All replies, no matter what they might be, are welcomed. :)

  • 4 months later...
4fthawaiian

4fthawaiian

Posted
Posted

Hey guys. I've got a customer whose site is experiencing this problem. I'm hoping one of you found a solution and then just never got around to posting here. Please let me know if so! Cheers.

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...