iaresee
Active member
- Affected version
- 1.5.23
Edit: NVM. Another admin hard deleted the user from the Admin panel. How it ended up mapping the post to Guest but keeping their username like that is a mystery.
Log entry is:
-------
I'm kind of stumped. I have a post on my forum and the user is shown as a guest:
forum.fractalaudio.com
In incognito mode I can't see a way to post:
I've got no one in the system with that username. And no users awaiting approval.
Post in the DB says user_id for that post is 0? What?
User ID 0 is not in the DB. Nor is a user with that username:
I'm running 1.5.23.
How could this have happened? An exploit maybe? Seems weird to make an on-topic an innocuous post if there is indeed an exploit.
Thanks!
Edit: Yup. I'm planning a 2.x upgrade. Just need more hours in my day!
Log entry is:
Code:
users/henry-peter.60212/delete
array(2) {
["rename"] => string(1) "0"
["_xfConfirm"] => string(1) "1"
}-------
I'm kind of stumped. I have a post on my forum and the user is shown as a guest:
Axe-Fx II "Ares" Rev 1.03 Firmware Release
Are you using the Axe Edit (Gen2)? I have the latest version downloaded 3.14.5
In incognito mode I can't see a way to post:
I've got no one in the system with that username. And no users awaiting approval.
Post in the DB says user_id for that post is 0? What?
Code:
mysql> mysql> select * from xf_post where post_id = 1798085\G
*************************** 1. row ***************************
post_id: 1798085
thread_id: 149141
user_id: 0
username: Henry Peter
post_date: 1559692532
message: I've had this update on my axe for a few weeks now, changed my AC30 sound allot, so basically spent the best part of the weekend trying to dial it back to what i like. Although i'm sure my taste changes from day to day, i'm quite happy with how everything is sound, as stated before the low end of the amps sound allot more convincing then before - I'm new to this axe game, dialling in my go to tone is a hard task.
ip_id: 3983789
message_state: visible
attach_count: 0
position: 415
likes: 0
like_users: a:0:{}
warning_id: 0
warning_message:
last_edit_date: 0
last_edit_user_id: 0
edit_count: 0
1 row in set (0.00 sec)User ID 0 is not in the DB. Nor is a user with that username:
Code:
mysql> select * from xf_user where user_id = 0\G
Empty set (0.00 sec)
mysql> select * from xf_user where username = 'Henry Peter'\G
Empty set (0.00 sec)
mysql> select * from xf_ip where ip_id = 3983789\G
*************************** 1. row ***************************
ip_id: 3983789
user_id: 60212
content_type: post
content_id: 1798085
action: insert
ip: Q`Q�
log_date: 1559692532
1 row in set (0.00 sec)
mysql> select * from xf_user where user_id = 60212\G
Empty set (0.00 sec)I'm running 1.5.23.
How could this have happened? An exploit maybe? Seems weird to make an on-topic an innocuous post if there is indeed an exploit.
Thanks!
Edit: Yup. I'm planning a 2.x upgrade. Just need more hours in my day!
Last edited:
