Profile icons show logged in user for all users

[hayaza]

Using fresh install of elgg 1.7.

Created 2 users, admin and hayaza, uploaded profile icons.

After login with both accounts. Login using user:admin, open hayaza's profile, profile icon shows admin's photo. Logged-out, login using user:hayaza, admin's icon shows hayaza's photo.

[hayaza]

diagnostic result

[hayaza]

I am using shared hosting, standard Linux Apache MySQL & PHP. Everything looks okay.

But I am using local windows hosts file to translate webserver IP to domain name. Its because I dont want to open the website to public. So only me can open the domain.

Can it be the problem ?

[brettp]

I can't duplicate this bug on my local copy of 1.7.

@Hayaza - When you are experiencing an incorrect icon, could you force a hard-refresh (shift + reload) of the page to see if the issue resolves? If it doesn't resolve, could you run ​http://yourhost.com/upgrade.php?

[hayaza]

@Brett

I have force hard refresh.

Can you try it on my live elgg install ? You can see the bug there, I'll give you the detail below.

etc hosts file : 219.83.122.172 jammaah.net

user: hayaza password: telo123
user: admin password : telo123

[hayaza]

from the dashboard you can see that the two members (hayaza & admin) have the same profile icon. It should be different. I have uploaded two different icon for 2 members.

THe same error shows if I tried to open ​http://jammaah.net/mod/profile/icondirect.php?lastcache=1268749363&username=hayaza&size=large it still shows admin's icon.

[cash]

There have been at least 3 reports of this on the community site. I think this is caused by running PHP as a CGI process.

While Elgg does not officially support CGI, there are a fair number of hosting providers who only provide PHP as a CGI process. I'm inclined to take a look at this. It will probably take less time to fix this than deal with all the people reporting this issue in the community site.

[brettp]

That was my first thought, but I tested this running PHP as CGI under nginx. Haven't tried running CGI under Apache, though.

It looks to be a problem with icondirect.php calling icon.php when the size is tiny. If you call icon.php with the username and size it works fine. Also, if you call icondirect.php with any size other than tiny it works.

I think it might be related to the page_owner_entity() call at the top of icon.php. If that's returning the currently logged in user it would cause this problem...

[hayaza]

@Brett

Not only when the size is tiny, also other size. I tried yesterday, giving me the problem with large, medium icon.

[hayaza]

If that's returning the currently logged in user it would cause this problem...

Yup, I think currently logged in user would cause this problem, because if I switched to another user, that user icon will replace other members icon.

[brettp]

@hayaza - You're correct about the size. The behavior is erratic...possibly due to caching on my side.

[alysami]

diagnostic report for bonah.org

[alysami]

i attached the report if it could help, please notice that i did upgrade from 1.5 to 1.7 on a godaddy shared hosting, i have another problem that i cant edit wedgets on any profile .. i dont know if it is a related problem or a standalone.

[cash]

@alysami - could you upload the file without the rar compression? You could either rename the original diagnostic file as something like bonah_diagnostic.txt or use a more common compression program. Thanks.

@brett - I setup FastCGI with Apache2 and could not reproduce. hayaza is using CGI with Apache1. I'm still working under the assumption this is a server related issue because I cannot reproduce.

[alysami]

diag. file for bonah ( Users icon login in problem )

[alysami]

i create an admin account for you if you want to checkout the admin area.
​http://www.bonah.org/social/
username:cash
pass:cashcash

please change the pass once you logged in

[brettp]

@Cash Good catch with Apache 1. Both of these servers are running with PHP in CGI mode on Apache 1 servers, so I'd agree it seems to be a problem with Apache 1 servers and CGI mode.

[cash]

Some more information from alysami's site:

I get my own icon if I hit:

• mod/profile/icondirect.php?username=samy

I get the correct icon if I hit:

• mod/profile/icon.php?username=samy

The username in icondirect.php is retrieved using $username = $_GETusername?;. I bet that this is returning nothing and then later when set_input is used, it clears out username so that icon.php has nothing to pick up. I don't think there is any reason to call set_input for either size or username in icondirect. In fact, we should just wrap the entire thing in a if(FALSE) and include icon.php until the caching is fixed. No reason to even open the db connection with the current state of the code.

[alysami]

i quick - temp - fixation in start.php file in /mod/profile/ root

[alysami]

I changed this

if ($filehandler->exists()) {
					//$url = $CONFIG->url . "pg/icon/$username/$size/$icontime.jpg";
					return $CONFIG->wwwroot . 'mod/profile/'''icondirect.php'''?lastcache='.$icontime.'&username='.$entity->username.'&size='.$size;

to this

if ($filehandler->exists()) {
					//$url = $CONFIG->url . "pg/icon/$username/$size/$icontime.jpg";
					return $CONFIG->wwwroot . 'mod/profile/'''icon.php'''?lastcache='.$icontime.'&username='.$entity->username.'&size='.$size;

of course it didn't solve the problem but it make the icons show correct on my production site :)) , thanx cash for the hint

[twola]

I have the same issue.

You can look at my site at: ​http://phpfixes.com (which is ironic as I need a fix myself)

Any how here is the info:

​http://phpfixes.com/phpinfo.php

[cash]

Try commenting out the 2 set_input() calls at the bottom of mod/profile/icondirect.php and let us know if that fixes the problem.

[twola]

That did it. Will that limit some other functionality?

Thanks

[cash]

No, you'll have the same functionality as everyone else with Elgg 1.7. The underlying data directory structured changed in Elgg 1.7 and that has turned off profile icon caching until the caching code can be rewritten.

Could you do one more thing for me since I cannot reproduce this on my servers?

On line 49 - just after the mysql_connect call add this line: error_log('mysql connect succeeded');

On line 103 at the end of the if statement for the mysql_connect, add an else clause - something like

} else {
    error_log('mysql connect failed');
}

and then let me know which is printed to your server's error log when the problem occurs.

[hayaza]

@Cash So is it because of PHP runs in CGI ? Or else ? I've moved my site to different hosting that runs php as apache module and the icon problem doesnt happen.

If I move back to previous hosting with PHP runs as CGI and then commenting set_input() calls will it fix the issue ?

Thanks

[alysami]

@hayaza
try to replace the start.php file in /mod/profile/ root with the one i attached, it worked for me.

[diraol]

I had the same problem (fresh install) and the Hack proposed by alysami wordked for me.
I've also tried the cash suggestion and it worked also:
"Try commenting out the 2 set_input() calls at the bottom of mod/profile/icondirect.php and let us know if that fixes the problem. "

[tobiasweise]

Replying to diraol:

I had the same problem (fresh install) and the Hack proposed by alysami wordked for me.
I've also tried the cash suggestion and it worked also:
"Try commenting out the 2 set_input() calls at the bottom of mod/profile/icondirect.php and let us know if that fixes the problem. "

I had the same issue at our site. Commenting out the two set_input() worked just fine. Big thanks to the community

[cash]

(In [svn:5567]) Fixes #1989 and refs #2035 - profile icondirect should work for those using CGI