mikeuk
Posted February 16, 2004

Hi all,

Wondered if anyone has come across this problem. I have been testing out my osC installation and have tried to use the admin front end as much as possible so as not to mess up the database. I have been adding a few false customers for testing and have placed orders and so forth. It now comes to the time to clean up the back-end, by deleting the false customers, ready for release to the public.

Now that we have gone live, a customer has just informed me that they are able to see someone else's old orders having just created a new account!! Now this is of great concern. I immediately went to the back admin and checked the customer and they were right, they did have someone else's order.

Just deleting an old customer is not enough, you also have to search through the database and delete the orders that they had placed so the system doesn't pick them up.

Has anyone else experienced this dangerous flaw? Is this right osC Member? Should this be happening??

Thanks.

Chris Dunning
Posted February 16, 2004

How did you go about deleting the old customers?

The only thing that I can think of is that the new customers are being assigned "customers_id" numbers that belonged to the old customers...but I'm not sure how that's happening.

Perhaps if you deleted the customers manually through the database...then the new customers would be given the old id numbers...and then the old orders associated with that id number are showing up.

Interesting problem...

Chris Dunning
osCommerce, Contributions Moderator Team

Please do not send me PM! I do not read or answer these often. Use the email button instead! I do NOT support contributions other than my own. Emails asking for support on other people's contributions will be ignored. Ask in the forum or contact the contribution author directly.

ibandyop
Posted February 16, 2004

Turn off Cache if it is ON for safety.

Did the new customer use the old customer's computer (using cookies used by old customer)?

Save your sessions in mysql and not in /tmp. Look at the /includes/configure.php bottom to fix this.

ibandyop

mikeuk (Author)
Posted February 16, 2004

Hi both,

BlueNoteMKVI: The only action that I am doing via SQL is just the setting of products_views to zero and made the qty to 999. I did do all other actions via the admin backend. I deleted the customer by highlighting them and then pressing delete and then confirm to delete. I at no time made any physical SQL database changes to the customers or orders, as I knew this would affect a lot of tables, and also I don't know how the back end database actually works (though I do have a very good idea), so I wasn't going to touch it. Everything was via the admin, even the complicated variations to products.

ibandyop: The cache on my admin section is already turned off and is using cookies to track the user as they shop around.

I also do think that when I deleted the customers, for some reason the system has assigned some (not all) new customers to old ids, making the new customers see old orders.

Should new customers be assigned old cIDs???
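
Added example, not part of the original thread and not osCommerce code: a self-contained SQLite sketch of the scenario discussed above, in which a customer row is deleted, its orders stay behind, and a reused customers_id attaches them to a new account, together with a query that finds such orphaned orders. The two-table schema, sample rows and function names are constructed for illustration, and SQLite's id reuse stands in for whatever caused the reuse in the poster's MySQL database.

```python
import sqlite3

def build_store():
    """In-memory stand-in for the shop database (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE customers (customers_id INTEGER PRIMARY KEY, email TEXT);
        CREATE TABLE orders (orders_id INTEGER PRIMARY KEY,
                             customers_id INTEGER, note TEXT);
        INSERT INTO customers (email) VALUES ('real@example.test'),
                                             ('test1@example.test');
        INSERT INTO orders (customers_id, note) VALUES (1, 'real order'),
                                                       (2, 'test order A'),
                                                       (2, 'test order B');
    """)
    return db

def delete_customer_only(db, customers_id):
    """Delete the customer row but leave its orders behind (the failure mode)."""
    db.execute("DELETE FROM customers WHERE customers_id = ?", (customers_id,))

def orphaned_orders(db):
    """Orders whose customers_id no longer matches any customer row."""
    return db.execute("""
        SELECT o.orders_id, o.customers_id FROM orders o
        LEFT JOIN customers c ON c.customers_id = o.customers_id
        WHERE c.customers_id IS NULL ORDER BY o.orders_id""").fetchall()

def register(db, email):
    """Create a customer and return the id the database assigned."""
    cur = db.execute("INSERT INTO customers (email) VALUES (?)", (email,))
    return cur.lastrowid

def order_history(db, customers_id):
    """What the account page would list for this customers_id."""
    return [row[0] for row in db.execute(
        "SELECT note FROM orders WHERE customers_id = ? ORDER BY orders_id",
        (customers_id,))]

if __name__ == "__main__":
    db = build_store()
    delete_customer_only(db, 2)            # test customer removed, orders kept
    print("orphaned orders:", orphaned_orders(db))
    # SQLite hands out max(id)+1 here, so the deleted id 2 is assigned again.
    new_id = register(db, "new@example.test")
    print("new customer", new_id, "sees:", order_history(db, new_id))
```

Running the orphan check after deleting test accounts, and before going live, shows which orders would be inherited by any account that ends up with a reused id.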
This topic is now archived and is closed to further replies.