Ok, here's an unusual case. I have uploads for unregistered users COMPLETELY turned off in my vbDownloads database. However, today an Unregistered user apparently uploaded a file. It generated a Comments thread (here) and apparently is located at this URL in the database. It does not show up in the listings for that category but it does show up in the side block. Additionally, even as Super Admin I cannot access the page to delete it.
Bug Unregistered User Uploaded a File, Entry is Broken
- Status
There's a couple possibilities for that No Permissions error, so:
Could you please create and PM me with a temporary FTP and AdminCP account?
For security reasons, we recommend you create a new FTP account only for DBTech support, then disable or delete it after we have both confirmed the issue has been solved and there are no further issues.
The same applies to AdminCP accounts; they should ideally be temporary accounts created for us only. If we have created an account on your site already, you can optionally boost that account to Administrator and then de-admin this account once the issue has been solved.
If you use a .htaccess password protection for your AdminCP directory, it is recommended that you create a new authorised user for DBTech and remove this user once the issue has been solved.
Please test any temporary accounts you create to ensure that the FTP account has access to the forum files, and that the AdminCP account can access the administrative controls for the product we are assisting you with.
Ensuring this is all in order before submitting the information will significantly speed up the process of assisting you. We will alert you via PM if there's any issues with the login information you have provided.
When sending the PM, for your security you should also un-tick the "Save a copy in my Sent Items folder" checkbox. When the access details have been received, we will delete the PM from our inbox. Ensuring you have not kept a copy of the PM reduces the risk of security breaches.
Thank you for helping us debug our products and allowing us to assist you, we appreciate it
Could you please create and PM me with a temporary FTP and AdminCP account?
For security reasons, we recommend you create a new FTP account only for DBTech support, then disable or delete it after we have both confirmed the issue has been solved and there are no further issues.
The same applies to AdminCP accounts; they should ideally be temporary accounts created for us only. If we have created an account on your site already, you can optionally boost that account to Administrator and then de-admin this account once the issue has been solved.
If you use a .htaccess password protection for your AdminCP directory, it is recommended that you create a new authorised user for DBTech and remove this user once the issue has been solved.
Please test any temporary accounts you create to ensure that the FTP account has access to the forum files, and that the AdminCP account can access the administrative controls for the product we are assisting you with.
Ensuring this is all in order before submitting the information will significantly speed up the process of assisting you. We will alert you via PM if there's any issues with the login information you have provided.
When sending the PM, for your security you should also un-tick the "Save a copy in my Sent Items folder" checkbox. When the access details have been received, we will delete the PM from our inbox. Ensuring you have not kept a copy of the PM reduces the risk of security breaches.
Thank you for helping us debug our products and allowing us to assist you, we appreciate it
Just so you know, I sent another PM about this. I've now had three occurances of this bug, two from people who were logged in and it says the file is by an Unregistered User and now one from one of those users that properly shows up under their name, but who still gets the same permissions problem. They all appear to be in the same category so far, but I'm going to keep looking into it to see if there are more.
I have an update on this finally. Here's at least one way to reproduce it:
1- Sign in without checking the "Stay signed in" box.
2- Click Upload File, write your title and description and upload a file, but DO NOT hit save.
3- Wait 20 minutes, or however long it takes for you to be automatically signed out.
4- Hit save. When the page loads it will have successfully uploaded everything, but it will be author-less.
I have SOOOO many users who have done this. I'm not sure if this is the only way to reproduce it, but I suspect if it isn't then it also has to do with registration somehow.
1- Sign in without checking the "Stay signed in" box.
2- Click Upload File, write your title and description and upload a file, but DO NOT hit save.
3- Wait 20 minutes, or however long it takes for you to be automatically signed out.
4- Hit save. When the page loads it will have successfully uploaded everything, but it will be author-less.
I have SOOOO many users who have done this. I'm not sure if this is the only way to reproduce it, but I suspect if it isn't then it also has to do with registration somehow.
Never in a million years would I have guessed this You, sir, win 6 free internets.
I'll have to investigate how vBulletin handles this type of scenario (i.e. someone begins writing a post but then leaves the computer) and see if there's anything I can do on my end, alternatively I have an idea of how to solve it.
It seems like my SFTP access still works, I'll patch your installation as soon as I have a fix available
You, sir, win 6 free internets.I'll have to investigate how vBulletin handles this type of scenario (i.e. someone begins writing a post but then leaves the computer) and see if there's anything I can do on my end, alternatively I have an idea of how to solve it.
It seems like my SFTP access still works, I'll patch your installation as soon as I have a fix available
From what I can tell, this only happens if you allow guests to upload. Can you confirm whether guests have Can Upload in any of your categories?
I tried those exact steps, and when I hit Save I got a No Permissions screen with the login form.
That being said, there's no reason why I can't implement a "you appear to have logged out since you began upload, might want to look into that" message, but at least this should help alleviate the issues until the fix is live.
I tried those exact steps, and when I hit Save I got a No Permissions screen with the login form.
That being said, there's no reason why I can't implement a "you appear to have logged out since you began upload, might want to look into that" message, but at least this should help alleviate the issues until the fix is live.
Update: I've applied a hotfix to your site that should work around this issue.
When a user is browsing the "Modify Download" page, a dummy AJAX request is sent every <Cookie Timeout - 5> seconds (so for your site, every 295 seconds). This has, as close as makes no difference, zero impact on performance, as it doesn't fetch any data and only returns "success".
I've tested it locally and I no longer receive a No Permissions screen if I wait longer than the timeout to submit the form.
Additionally, submitting a download with no files uploaded would previously give a database error - I've fixed that too and uploaded the fix to your site.
Let me know if it appears to be fixed for you too, I'll release v2.1.1
When a user is browsing the "Modify Download" page, a dummy AJAX request is sent every <Cookie Timeout - 5> seconds (so for your site, every 295 seconds). This has, as close as makes no difference, zero impact on performance, as it doesn't fetch any data and only returns "success".
I've tested it locally and I no longer receive a No Permissions screen if I wait longer than the timeout to submit the form.
Additionally, submitting a download with no files uploaded would previously give a database error - I've fixed that too and uploaded the fix to your site.
Let me know if it appears to be fixed for you too, I'll release v2.1.1
Unfortunately, it appears the fix has not worked: http://www.runicgamesfansite.com/vbdownloads.php?do=download&downloadid=463
I repeated the same steps as before. The fix was on the live site, right?
I repeated the same steps as before. The fix was on the live site, right?
The fix worked! I left it for well over an hour before hitting Save and it kept me logged in as long as I was on the page! Thanks!
As for the vbslider thing, I'm preparing a revised site theme with the updated version as part of it, but it will probably be a couple weeks before I implement it
As for the vbslider thing, I'm preparing a revised site theme with the updated version as part of it, but it will probably be a couple weeks before I implement it
I discovered an additional issue where if you set your Cookie Timeout to 2147483647 (the limit of a 32-bit signed integer) it will act as if the interval is 0 due to overflow, which will eventually crash your browser as it runs out of memory.
I do this on my dev board in order to be able to remain logged in to the AdminCP for ~27 days without activity before it times me out.
Since this doesn't really affect your forum I haven't hotfixed your site, but the fix will be in the "proper" release version when it comes out
I do this on my dev board in order to be able to remain logged in to the AdminCP for ~27 days without activity before it times me out.
Since this doesn't really affect your forum I haven't hotfixed your site, but the fix will be in the "proper" release version when it comes out
So... ummm.... this happened again today: http://www.runicgamesfansite.com/vbdownloads.php?do=download&downloadid=491
First instance since we fixed it. Not sure why.
First instance since we fixed it. Not sure why.
- Status
Similar threads
- Locked
- Support ticket
- Locked
- Support ticket
Question
Forum Block "Live Feed" Blank
- Locked
- Support ticket
- Locked
- Support ticket
- Locked
- Support ticket