orders have email & postal address of another user


wkdwich


Katherine places an order..

Friday, November 17, 2006 4:33 AM

order # 950, her proper email address is attached to the order [email protected]

Liana places an order..

Friday, November 17, 2006 2:28 PM

order # 951 but Katherine's email address is shown on the invoice..

The admin order listing shows:

katherine #951 $64.68 11/17/2006 14:28:44 Delivered

katherine #950 423.12EUR 11/17/2006 04:33:17 Delivered

If I go into the database and look up both these ladies I see they are both marked as customer_id #1249 in the address_book table, with Katherine's address_book entry #1442 and Liana #1443

In the customers table Liana is not listed at all (which means she's going to have a problem signing in now) and Katherine is customer # 1249

The email copy of 951 to the merchant shows Liana's billto & shipto with Katherine's email

The invoice through the control panel of #951 shows billto Katherine, shipto Liana

Somehow Liana's address got hooked up with Katherine's customer_id during the order placing sequence. This is a serious problem, as in this case the product is being shipped from Florida, Katherine lives in Greece and Liana in Canada.. shipping wrong orders overseas is a very costly problem

This is not an isolated incident.. I have 2 other orders here just like this..

========================

Friday, December 01, 2006 5:48 AM

Order 1068 [email protected] from New York

Friday, December 01, 2006 6:59 AM

Order 1069 Paul in Michigan but the email address is [email protected]

Paul's name actually has 2 address_book records, #1589 & 1590. April is record #1588, but all 3 are showing as customer_id 1369

The admin orders list looks like:

April #1069 $99.99 12/01/2006 06:59:39 Delivered

April #1068 $71.57 12/01/2006 05:48:31 Delivered

The email version of #1069 the store owner receives does not show April's name anywhere, just her email address, billto & shipto as Paul's info

The invoice in the control panel for 1069 has a bill to of April and ship to of Paul

========================

 

Wednesday, November 22, 2006 8:28 AM

Order 986 [email protected] from Pennsylvania

Wednesday, November 22, 2006 11:11 AM

Order 988 Jennifer from Missouri but with [email protected] as the email

Jennifer has 2 records in address_book, #1484 & 1485. Rae is record 1480. All 3 records are customer_id #1281

RAE #988 $111.91 11/22/2006 11:11:39 Delivered

[someone else's order] 987 $111.90 11/22/2006 10:02:14 Delivered

RAE #986 $36.48 11/22/2006 08:28:36 Delivered

The email version of # 988 to the store owner does not show Rae's name, just her email address; the billto & ship to both show Jennifer's info

The invoice through the control panel has a bill to of Rae and shipto of Jennifer

=====================

 

I'm not sure where this is going wrong.. I suppose it could be one is placing her order while the other is signing up, but that does not make sense from the times..

In the 1st example there is one address_book record for each name; in the 2nd 2 examples, the one who owns the customer_id has 1 address_book entry and the other person has 2 entries. I don't think that has any correlation on this.. Time has nothing to do with this either from what I can see..

I am going to have to assume one of the mods went wrong somewhere.. can someone help me with a starting point for tracking this down quickly??

Debbie D
Franklin County, VA "Moonshine Capitol of the World"
osCmax Mobile Template oscmaxtemplates.com


Hi Debbie,

this looks like a session issue. Old sessions can be reactivated in osCommerce if users come in via the same link which has the session tied to it.

step 1) check if your sessions are stored in the database or not

step 2) check if prevent spider session is set to true in admin -> configuration -> sessions

links with session IDs might be floating around for your site, sent by emails, posted on bulletin boards, it could be anywhere. I once had a site debugged where the main website navigation had the menu built with session IDs attached ... you can imagine the results.

you will need to add a patch to your application_top.php file to check whether a session is still active when a user comes in. If it's not active, do not allow it to be recreated. We discussed this topic with Amanda/boxtel a few weeks ago - she uses file based sessions, I use mysql.

this is what my modified section in application_top.php looks like now:

    //added by Monika
    $browser_ip = tep_get_ip_address();
    if (isset($_GET[tep_session_name()])) {
      // session id in the url
      // escape the URL-supplied id with tep_db_input() before it goes into the query
      $session_query = tep_db_query("select sesskey from " . TABLE_SESSION . " where sesskey = '" . tep_db_input($_GET[tep_session_name()]) . "' and expiry > '" . time() . "'");

      if (tep_db_num_rows($session_query) < 1) {
        // session id not active on the system
        // error log entry to keep an eye on it
        error_log('GET session expired:'.$browser_ip.' - '.$_GET[tep_session_name()]."\n");
        // destroy the given inactive session id
        unset($_GET[tep_session_name()]);
        // give a new one
        session_regenerate_id();
      }
    }

    // set the session ID if it exists
    if (isset($HTTP_POST_VARS[tep_session_name()])) {
      tep_session_id($HTTP_POST_VARS[tep_session_name()]);
    } elseif ( ($request_type == 'SSL') && isset($HTTP_GET_VARS[tep_session_name()]) ) {
      tep_session_id($HTTP_GET_VARS[tep_session_name()]);
    }

:-)

Monika

addicted to writing code ... can't get enough of databases either, LOL!

my toolbox: Textpad - Compare and Merge - phpMyAdmin - WS_FTP - Photoshop - How to search the forum

Interactive Media Award July 2007 ~ category E-Commerce

my advice on the forum is for free, PMs where you send me work are considered consultation which I charge for ...
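
A self-contained rendering of the check described in the post above, added here as an example (it is not Monika's code and not osCommerce code): a session id arriving in the URL is accepted only if it is well-formed and still unexpired in the session table, and otherwise a fresh id is issued. Assumptions: PHP 7.1+ with pdo_sqlite, an in-memory SQLite table standing in for the MySQL sessions table, the hypothetical helpers `make_session_store()` and `resolve_session_id()`, and constructed sample rows.

```php
<?php
// Added example, not osCommerce code. An in-memory SQLite table stands in
// for the MySQL sessions table (sesskey, expiry) queried in the post above.
function make_session_store(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE sessions (sesskey TEXT PRIMARY KEY, expiry INTEGER)');
    return $db;
}

// Decide which session id a request may use. $urlSid is the id taken from
// the query string (osCsid in the thread), or null when the URL carries none.
function resolve_session_id(PDO $db, ?string $urlSid, int $now): array {
    $reason = 'none-supplied';
    if ($urlSid !== null) {
        // Assumption: ids are 32 lowercase hex characters, as in the thread.
        if (preg_match('/\A[a-f0-9]{32}\z/', $urlSid) !== 1) {
            $reason = 'malformed';
        } else {
            // Bound parameters: the URL value never becomes part of the SQL text.
            $stmt = $db->prepare(
                'SELECT 1 FROM sessions WHERE sesskey = :sid AND expiry > :now');
            $stmt->execute([':sid' => $urlSid, ':now' => $now]);
            if ($stmt->fetchColumn() !== false) {
                return ['sid' => $urlSid, 'reason' => 'active'];
            }
            $reason = 'expired-or-unknown';
        }
        // Log a short digest, not the raw URL value, to keep log lines clean.
        error_log("GET session rejected ($reason): " . substr(hash('sha256', $urlSid), 0, 12));
    }
    // Never adopt a rejected id: issue a fresh random one instead.
    return ['sid' => bin2hex(random_bytes(16)), 'reason' => $reason];
}

// Constructed sample data: one live session, one that expired an hour ago.
$db   = make_session_store();
$now  = 1165075289;
$live = str_repeat('a', 32);
$old  = str_repeat('b', 32);
$ins  = $db->prepare('INSERT INTO sessions (sesskey, expiry) VALUES (?, ?)');
$ins->execute([$live, $now + 1440]);
$ins->execute([$old, $now - 3600]);

foreach ([$live, $old, "abc'def", null] as $sid) {
    $r = resolve_session_id($db, $sid, $now);
    printf("%-36s %-20s reused=%s\n", var_export($sid, true), $r['reason'],
        $r['sid'] === $sid ? 'yes' : 'no');
}
```

An id that is still inside its expiry window passes this check, so a link shared while the session is live is still accepted. Keeping session ids out of URLs altogether (PHP's `session.use_only_cookies`) closes that remaining case.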


> Hi Debbie,
>
> this looks like a session issue. Old sessions can be reactivated in osCommerce if users come in via the same link which has the session tied to it.
>
> step 1) check if your sessions are stored in the database or not
>
> step 2) check if prevent spider session is set to true in admin -> configuration -> sessions
>
> links with session IDs might be floating around for your site, sent by emails, posted on bulletin boards, it could be anywhere. I once had a site debugged where the main website navigation had the menu built with session IDs attached ... you can imagine the results.

ok great.. super info.. I checked the session settings, comparing what you suggest here and what is set in the other store I manage where they have never complained of this same issue..

this store:

Prevent Spider Sessions was false changed to True

Recreate Session was false changed to True

The other store had the recreate session set to true already; I will change the prevent spiders to true there also now

Sessions are set to mysql

Since I am not the only cook in this particular kitchen I will have to notify the other guy to make sure he is not linking with session id's, but I don't see how that might be happening. I maneuver around the site and don't see any id's in the address bar..

> you will need to add a patch to your application_top.php file to check whether a session is still active when a user comes in. If it's not active, do not allow it to be recreated. We discussed this topic with Amanda/boxtel a few weeks ago - she uses file based sessions, I use mysql.
>
> this is what my modified section in application_top.php looks like now:

OK thanks I've added it and I guess all we can do now is watch and wait :)

I can not express deeply enough my appreciation of your quick and very concise response.

Debbie D

oopss.. we have a problem.. I added your code and got this error:

1146 - Table 'idonails_osc1.TABLE_SESSION' doesn't exist

select sesskey from TABLE_SESSION where sesskey = '9fd12e0d09f2374557ddf8e6b9a5a833' and expiry > '1165075289'

[TEP STOP]

Debbie D

more poking now.. that session ID does exist but with a different expiry stamp

9fd12e0d09f2374557ddf8e6b9a5a833 1165077631

Now when I go to the store I see osCsid= in several, but not all links

Login | My Account | Shopping Cart | Checkout

(I am not currently logged into any account)

Debbie D

> oopss.. we have a problem.. I added your code and got this error:
>
> 1146 - Table 'idonails_osc1.TABLE_SESSION' doesn't exist
>
> select sesskey from TABLE_SESSION where sesskey = '9fd12e0d09f2374557ddf8e6b9a5a833' and expiry > '1165075289'
>
> [TEP STOP]

That means either you don't have the session table or there is something wrong with the file:

includes\database_tables.php

Check if you have this line:

define('TABLE_SESSIONS', 'sessions');


sorry, in the code I posted above there is a typo for the session table....

should be

TABLE_SESSIONS

copied it from my draft notes and not the actual file, sorry!!

:-)

Monika

 


> sorry, in the code I posted above there is a typo for the session table....
>
> should be
>
> TABLE_SESSIONS
>
> copied it from my draft notes and not the actual file, sorry!!

No problem, I did see that and was going to ask, but you are usually so on the ball that I figured that it must be correct :)

I added that code now and no errors this time..

Is there a post somewhere that explains more about how the session id's work?? I assume it is cookie-like and see it has an expiration, but I can not figure out how long that actually is. I have seen the session id's come and go out of the same session in a cart and don't quite get why..

On the error, I assume now I need to just sit back and watch to make sure it doesn't happen again.. I tried looking through all the pages where there are hard coded static links and can't find any that have the sid, but they do have more than one site and I do not manage the others, so it is very possible the link is coming from there or a mass mail someone sends for them

Debbie D

Archived

This topic is now archived and is closed to further replies.
