Dolphin Connect Bug
In trying to track down why I have a Dolphin profile that connects to an existing UNA profile, I created a new profile in Dolphin, Jimmy Morgan, and a different profile, Jimmy Wilkes, in UNA. I tested and the Dolphin connect worked properly, creating a new account in UNA, Jimmy Morgan. However, I still have that one account that, instead of creating a new account, connects to an existing account. My hosting provider thinks it is how Dolphin Connect is determining if the account exists or not; that somehow it sees the account as the existing account and is connecting to it instead of creating a new account. My hosting provider wants some clarification on the following code from the Dolphin Connect module.
    $aRemoteProfileInfo = $aResponse;
    if ($aRemoteProfileInfo) {
        // check if user logged in before
        $iLocalProfileId = $this->_oDb->getProfileId($aRemoteProfileInfo['id']);
        if ($iLocalProfileId && $oProfile = BxDolProfile::getInstance($iLocalProfileId)) {
            // user already exists
            $this->setLogged($oProfile->id());
        }
        else {
            // register new user
            $this->_createProfile($aRemoteProfileInfo);
        }
    }
    else {
        $this->_oTemplate->getPage(_t('_Error'), MsgBox(_t('_sys_connect_profile_error_info')));
    }
LeonidS
Hello Will Monte!
Yes, the given code is responsible for checking if the user from the Dolphin site already has an account + profile in the UNA database or not.
The createProfile($aRemoteProfileInfo) method was declared in the modules/base/connect/classes/BxBaseModConnectModule.php parent class, see the structure and methods here:
https://ci.una.io/docs/classBxBaseModConnectModule.html
It inserts the prepared info into the sys_accounts table and, if necessary, into the profile's tables (sys_profiles + bx_persons_data or bx_organizations_data).
LeonidS
Ok thank you LeonidS, I will let my hosting know, thanks bro!
Will Monte
LeonidS My hosting wanted a breakdown. To make it easy I just pasted in what she wanted to know.
Can you break things down a bit on what is happening? It seems to me that account IDs are being checked but when checking the database the account ID in Dolphin didn't match with UNA account. I would think you wouldn't check on IDs though. Let's walk through the code:
$aRemoteProfileInfo = $aResponse;
This is fetching an array; I would assume, from the Dolphin site of the user trying to connect using Dolphin Connect module. Is that correct?
if ($aRemoteProfileInfo) {
If the array exists, continue
// check if user logged in before
$iLocalProfileId = $this->_oDb->getProfileId($aRemoteProfileInfo['id']);
OK, this is an integer by the i and from the name I would think it is a UNA ID; not the Dolphin ID; is this an account ID or a Profile ID; remember in Dolphin we only had Profile IDs? This seems confusing to me because it appears we are checking IDs and not account names to see if the account already exists.
if ($iLocalProfileId && $oProfile = BxDolProfile::getInstance($iLocalProfileId)) {
Exactly what are we comparing here from both the UNA side of things and the Dolphin side of things? If they are equal, then the conclusion is that the Dolphin user already exists in the UNA site. This must be where things are getting interesting because it set a Dolphin user that DID NOT exist in UNA as existing in UNA; therefore we are getting a false positive here.
// user already exists
$this->setLogged($oProfile->id());
}
else {
// register new user
$this->_createProfile($aRemoteProfileInfo);
}
}
else {
$this->_oTemplate->getPage(_t('_Error'), MsgBox(_t('_sys_connect_profile_error_info')));
}
LeonidS
Your questions are marked as italic:
This is fetching an array; I would assume, from the Dolphin site of the user trying to connect using Dolphin Connect module. Is that correct?
Correct.
OK, this is an integer by the i and from the name I would think it is a UNA ID; not the Dolphin ID
Correct, this is the result of the following query:
SELECT `local_profile` FROM `bx_dol_accounts` WHERE `remote_profile` = $iRemoteId
Exactly what are we comparing here from both the UNA side ...
The mentioned table `bx_dol_accounts` keeps the Dolphin id and the current profile id from the UNA created for this "connected" user. There is no situation to use the Dolphin user ID directly in the UNA.
LeonidS
Will Monte
My hosting asked me to post this:
Checking IDs would seem to be problematic. I am number 2 on Dolphin and there already exists a number 2 on UNA; but the number 2 on UNA does not have a Dolphin account. Could you please explain the algorithm? I am going to delete the entry from the bx_dol_accounts and see if it recreates it; see if it recreates hijacking an existing UNA account or not.
I know you think this is minor but it isn't. The Dolphin user was connected to an admin account on UNA and gained full access to the site; so this is a serious bug.
Will Monte
Update from my hosting:
I removed the entry from bx_dolcon_accounts and then did the Dolphin Connect to UNA for the same Dolphin account. This time the member connected to a different UNA account than it did the first time. It could be something about the Dolphin account but all the same; it shouldn't be doing this.
Will Monte
This is important; well, to us anyway; Boonex might not think it is important.
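An added example, not part of the thread and not UNA's or Dolphin's own code: the lookup LeonidS quotes logs a connecting user in as whatever profile the `bx_dol_accounts` row names, so the code below models that branch and audits the mapping table for rows that deserve a manual review. Only the table name and its `local_profile` / `remote_profile` columns come from the thread; the `una_profiles` table, its `is_admin` column and every row are constructed assumptions.

```python
import sqlite3

def build_db():
    """Constructed sample data; only local_profile/remote_profile come from the thread."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE bx_dol_accounts (local_profile INTEGER, remote_profile INTEGER);
        -- hypothetical stand-in for UNA's profile/account tables
        CREATE TABLE una_profiles (id INTEGER PRIMARY KEY, name TEXT, is_admin INTEGER);
        INSERT INTO una_profiles VALUES (1,'admin',1),(2,'member_a',0),(7,'member_b',0);
        INSERT INTO bx_dol_accounts VALUES (7,15),(1,2),(1,31),(99,40);
    """)
    return db

def resolve(db, remote_id):
    """Mirror of the branch in the thread: a mapping row plus an existing
    profile means 'log in as that profile'; anything else means 'register'."""
    row = db.execute(
        "SELECT m.local_profile FROM bx_dol_accounts m "
        "JOIN una_profiles p ON p.id = m.local_profile "
        "WHERE m.remote_profile = ?", (remote_id,)).fetchone()
    return ("login", row[0]) if row else ("register", None)

def audit(db):
    """Return {finding: [(local_profile, remote_profile), ...]} for manual review."""
    queries = {
        # a remote user who will be logged in with administrative rights
        "maps_to_admin":
            "SELECT m.local_profile, m.remote_profile FROM bx_dol_accounts m "
            "JOIN una_profiles p ON p.id = m.local_profile WHERE p.is_admin = 1",
        # several remote users resolving to one local profile
        "shared_local_profile":
            "SELECT local_profile, remote_profile FROM bx_dol_accounts "
            "WHERE local_profile IN (SELECT local_profile FROM bx_dol_accounts "
            "GROUP BY local_profile HAVING COUNT(DISTINCT remote_profile) > 1)",
        # mapping rows left behind after the local profile was removed
        "dangling_local_profile":
            "SELECT m.local_profile, m.remote_profile FROM bx_dol_accounts m "
            "LEFT JOIN una_profiles p ON p.id = m.local_profile WHERE p.id IS NULL",
    }
    return {name: sorted(db.execute(sql).fetchall()) for name, sql in queries.items()}

if __name__ == "__main__":
    db = build_db()
    print(resolve(db, 2), resolve(db, 40))
    for finding, rows in audit(db).items():
        print(finding, rows)
```

On a real site the same three queries would be pointed at the actual UNA tables, whose column names must be taken from the installed schema rather than from this example.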