osCommerce

The e-commerce.

Critical problem - osC adds wrong orders to account history


Sometimes when I register a new account or when I enter all the information to buy a product without an account (PWA BS module), there are some wrong orders in the account history. It's a serious issue, because it means that one client can see some orders of other clients, with all personal data. Also, I have a loyalty discount module, so it counts those orders. I can't fully reproduce this problem, because it happens only sometimes, so it's hard to find the source of the problem. The only thing I am almost sure of is that it gets only orders made by clients without an account, but sometimes it's one order, sometimes a few orders, usually none.

Do you have any idea why it happens?

Link to comment
Share on other sites

@raiwa maybe you've got any (any) ideas what the reason is? I did many tests yesterday and it didn't happen even once. But sometimes it does. I'm entering all the data to register an account (or to buy without an account), then it's registered, and in the "Order history" box and in account_history.php it shows some wrong orders, made by other clients.

Link to comment
Share on other sites

Hello Mick @jampjamp,

I never got something similar reported with PWA BS. Can you give some more information: which loyalty discount module are you using? When did you add it, and did the problem happen before you added the loyalty discount module or changed something else?

What are the exact characteristics of the orders where this problem appears?

It must be that the orders are stored with the wrong customer ID or listed with the wrong customer ID. Very difficult to find out without having a look in your database and files.

Link to comment
Share on other sites

@jampjamp

Recreate session is true in session configuration?

osCommerce based shop owner with minimal design and focused on background works. When the less is more.
Email management with tracking pixel, package management for shipping, stock management, warehouse management with bar code reader, parcel shops management on 3000 pickup points without local store.

Link to comment
Share on other sites

You need to take your shop down until you can get to the bottom of this.

Exposing a client's data to another client... that's incredibly serious and if one of them takes it forward, you could easily end up with no business at all.

Suggestion: get a developer on it asap.

Suspect: the problem is somewhere in the guest account system (why anyone has this is just beyond me).

Link to comment
Share on other sites

@jampjamp, @burt

I suppose we are talking about:

Purchase without account BS

I checked a store that has been using this contribution for more than a year -> no duplicated customer ids.

The procedure to create guest and regular accounts is identical, as is the checkout procedure (clean core script). Each guest checkout creates a unique correlative customer id, just like creating a new regular account. The only difference is that the account gets flagged in an additional column as a guest account. Guests have no access to their order history. Even if a guest proceeds to qualify his guest account into a regular account or if he repeats as a guest or whatever, there is virtually no possibility to get duplicated customer ids, which is, as far as I can see, the reason to see orders from other customers.

To confirm this, you should check in your database if the 2 customers the orders belong to have the same customer id and also if one of the orders showing wrong is a guest order.

As always, it is possible that a third party contribution/modification interferes.

I agree that it is a serious problem and that the installation should be checked.

Link to comment
Share on other sites

Hi, sorry for the long time to answer.
First I want to say that my shop migration from MS2.2 to BS Edge is still under testing on localhost, so there is nothing to worry about :) @burt

@raiwa I'm using the old ot_loyalty_discount.php order total module: https://apps.oscommerce.com/osgrq&customer-loyalty-discount-scheme It works in the BS version with micro changes. I think it has nothing to do with this, just gets wrong information as core engine.

On 22.09.2017 at 3:48 PM, raiwa said:

@jampjamp, @burt

To confirm this, you should check in your database if the 2 customers the orders belong to have the same customer id and also if one of the orders showing wrong is a guest order.

Ok, I will check it when the problem occurs once again, because now it doesn't want to happen and everything works as it should. Worst kind of problems, by the way.

On 21.09.2017 at 6:16 PM, Gergely said:

@jampjamp

Recreate session is true in session configuration?

@Gergely Yes, it's true. Here are my session settings: https://i.imgur.com/IR4nkSP.png

Link to comment
Share on other sites

@jampjamp,

Then a possible explanation would be:

- you created some test accounts in the new store

- then you imported accounts from your old store

- you didn't mark "drop table if exists" when you exported the old customer tables

- and you didn't delete (truncate table) the customer data in the new database before importing old customers

- in this scenario you'll get duplicated customer ids

-> always empty (truncate) the table of the new database before importing, or include "drop table if exists" when you export the old table, if no structural difference exists between both database tables.

Link to comment
Share on other sites

customers_id will never be duplicated due to the table structure when PRIMARY KEY (customers_id) is used, even if the table structure is bad. I suppose that customers_id is null or mixed in session when this issue happened. This could be a session recreation issue. What is the PHP version? Have you installed v2.3.4.1 update packages?

Link to comment
Share on other sites

1 hour ago, Gergely said:

customers_id will never be duplicated due to the table structure when PRIMARY KEY (customers_id) is used, even if the table structure is bad. I suppose that customers_id is null or mixed in session when this issue happened. This could be a session recreation issue. What is the PHP version? Have you installed v2.3.4.1 update packages?

@Gergely, Yep, you are right, wasn't aware of this

Link to comment
Share on other sites

2 hours ago, Gergely said:

customers_id will never be duplicated due to the table structure when PRIMARY KEY (customers_id) is used, even if the table structure is bad. I suppose that customers_id is null or mixed in session when this issue happened. This could be a session recreation issue. What is the PHP version? Have you installed v2.3.4.1 update packages?

54 minutes ago, raiwa said:

@Gergely, Yep, you are right, wasn't aware of this

@Gergely, thought about it again and I believe what I explained can happen in the order table. So the wrong orders can be linked to a customer.

Link to comment
Share on other sites

select c.* from customers c left join orders o on o.customers_id = c.customers_id where o.customers_id is not null and o.customers_guest = 1
group by c.customers_id

I am not an expert on your PWA mod @raiwa but something like the above SQL could help to track something for @jampjamp. Could it be a correct SQL query?

Link to comment
Share on other sites
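
A wider check for the mislinked-order theory discussed in the posts above, as an added example that is not part of the thread or of osCommerce: it lists orders whose stored e-mail differs from the account that currently owns their customers_id, or whose account row is missing. The reduced schema and all rows are constructed; the query assumes the stock customers_email_address column in both tables, and customers who changed their e-mail will also appear, so the result is a list to review by hand.

```python
import sqlite3

# Reduced, constructed copies of the osCommerce customers and orders tables
# (assumption: only the columns this check needs are modelled).
SCHEMA = """
CREATE TABLE customers (
  customers_id INTEGER PRIMARY KEY,
  customers_email_address TEXT NOT NULL);
CREATE TABLE orders (
  orders_id INTEGER PRIMARY KEY,
  customers_id INTEGER NOT NULL,
  customers_email_address TEXT NOT NULL);
"""

# Orders whose e-mail snapshot disagrees with the account that owns their
# customers_id today, or whose account no longer exists.
MISMATCH_SQL = """
SELECT o.orders_id, o.customers_id,
       o.customers_email_address AS order_email,
       c.customers_email_address AS account_email
FROM orders o
LEFT JOIN customers c ON c.customers_id = o.customers_id
WHERE c.customers_id IS NULL
   OR LOWER(o.customers_email_address) <> LOWER(c.customers_email_address)
ORDER BY o.customers_id, o.orders_id
"""

def find_mislinked_orders(conn):
    """Return (orders_id, customers_id, order_email, account_email) rows."""
    return conn.execute(MISMATCH_SQL).fetchall()

def build_sample_db():
    """Constructed data: customers_id 2 now belongs to a different person."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO customers VALUES (?, ?)", [
        (1, "anna@example.com"),
        (2, "new-tester@example.com"),
    ])
    conn.executemany("INSERT INTO orders VALUES (?, ?, ?)", [
        (100, 1, "Anna@example.com"),        # same person, case differs
        (101, 2, "old-guest@example.com"),   # order linked to someone else
        (102, 2, "new-tester@example.com"),  # consistent
        (103, 7, "gone@example.com"),        # no account row at all
    ])
    return conn

if __name__ == "__main__":
    for row in find_mislinked_orders(build_sample_db()):
        print(row)
```

Every row returned for a customers_id is an order that would show up in that account's order history although it was placed under another e-mail address.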

  • 2 weeks later...

@raiwa @Gergely

Since our last posts I've tried many times to get the problem again and it didn't appear even once.

But I've seen in the "Order history" box that if I buy a product (checkout success) as a guest and interrupt at the point of choosing whether I want to register an account, then the last order will be in the box even after restarting the server.

Of course I know it's actually normal, because it disappears on the next page and is being kept for someone who chooses to set the password, but maybe in some circumstances it's shown to other customers? Or maybe sometimes I can see those orders because it's still the same session, and if it were other customers they would never be able to see that?

@Gergely I've missed your questions. PHP is 5.3.21. I didn't make an update to 2.3.4.1 because it's the bootstrap edition I'm working on, so I guess it doesn't fit together. Your SQL query shows 16 rows. One is my own migrated account which I was using for tests, the others are newer test accounts: https://i.imgur.com/Ugujox0.jpg

I don't know what to do now, because I've spent a lot of time getting all the backend & frontend ready for migration, but now I'm a little bit scared if it won't happen again. Do you have any other ideas what I should check?

Link to comment
Share on other sites

The update is a security update so you have to do it.

The PWA session is a pressed session with fake registration and is kept alive until the user logs out or the session expires.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.
