Author Topic: Dataloss Issue with JComments  (Read 970 times)
yagudaev
« on: December 28, 2011, 15:42:59 »

Hi,

JComments Version: 2.1.0.0
Joomla Version: 1.5.23

I was experiencing a strange data loss issue where user names and emails seemed to disappear a few days after they had been posted.

To debug the problem, I put some logging code right into the "setQuery" method in database.php in the core Joomla library. I posted some test comments, and sure enough, after a few days the problem occurred again. I saw the following entry in my log:
09:57:33 (index) UPDATE #__jcomments
SET name = ''
, username = ''
, email = ''
WHERE userid = '0'

09:57:33 (index) UPDATE #__jcomments_subscriptions
SET email = ''
WHERE userid = '0'

This led me to /plugins/user/jcomments.php source file and the code below:

   function onAfterStoreUser($user, $isnew, $success, $msg)
   {
      if ($success && !$isnew)
      {
         $db =& JFactory::getDBO();

         // update name, username & email in comments
         $query = "UPDATE #__jcomments"
            . "\nSET name = " . $db->Quote($user['name'])
            . "\n, username = " . $db->Quote($user['username'])
            . "\n, email = " . $db->Quote($user['email'])
            . "\nWHERE userid = " . $db->Quote($user['id'])
            ;

         $db->setQuery($query);
         $db->Query();

         // update email in comments subscriptions
         $query = "UPDATE #__jcomments_subscriptions"
            . "\nSET email = " . $db->Quote($user['email'])
            . "\nWHERE userid = " . $db->Quote($user['id'])
            ;

         $db->setQuery($query);
         $db->Query();
      }
   }


This makes a lot of sense. For some reason this function gets called with a $user['id'] of 0 (zero) by Joomla. Just checking for the value will probably fix it. But I think I may be missing a deeper problem here.

I dug a little deeper and found an interesting entry in the log just above that line. It reads as follows:
09:57:33 (index) UPDATE #__users SET password = '03bf53e0532dcc9564073ae205f54dbc:NQ1ZJYvXqALjJjjKKVdA7pkrALj22Fdq' , activation = "" WHERE id = 0 AND activation = '' AND block = 0

After doing a few quick googles and looking at the code, I found this code is coming from the user module (com_user). I also found that it relates to an older vulnerability with the Joomla com_user module and password resets. So it looks like someone is probing around quite a bit. It is probably a bot or a few from the frequency.

I took the needed measures and patched JComments with my custom patch and Joomla Core with the newest version 1.5.25.

Thoughts?
hildebrand
« Reply #1 on: January 24, 2012, 23:57:21 »

I am also having the same problem. What is the solution for this problem?
How do I get the data back?

I am using Joomla 1.5.22 and JComments 2.1.0.0
« Last Edit: January 24, 2012, 23:59:52 by hildebrand »
yagudaev
« Reply #2 on: February 13, 2012, 03:55:12 »

You can't get the data back unless your database is regularly backed up; then you can get the data from the backup.

This problem is due to a security vulnerability in Joomla. I have reported the problem to the team so they are aware of it.

To fix the problem, first upgrade to 1.5.25, then change the code to check if user is empty in /plugins/user/jcomments.php:

Code:
   function onAfterStoreUser($user, $isnew, $success, $msg)
   {
      if ($success && !$isnew && $user['id'] !== 0 && $user['id'] !== '0') // ONLY LINE THAT NEEDED TO BE CHANGED
      {
         $db =& JFactory::getDBO();

         // update name, username & email in comments
         $query = "UPDATE #__jcomments"
            . "\nSET name = " . $db->Quote($user['name'])
            . "\n, username = " . $db->Quote($user['username'])
            . "\n, email = " . $db->Quote($user['email'])
            . "\nWHERE userid = " . $db->Quote($user['id'])
            ;

         $db->setQuery($query);
         $db->Query();

         // update email in comments subscriptions
         $query = "UPDATE #__jcomments_subscriptions"
            . "\nSET email = " . $db->Quote($user['email'])
            . "\nWHERE userid = " . $db->Quote($user['id'])
            ;

         $db->setQuery($query);
         $db->Query();
      }
   }

You may also try the newest version of Joomla 2.5 that was just released. They may have fixed it there; I still have to test it.
Logged
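
Added example (not part of the original posts and not JComments or Joomla code): a Python scan of a query log in the format quoted in the first post, flagging UPDATE/DELETE statements whose WHERE clause is keyed on user id 0, the pattern that blanked the guest comments. The sample log is constructed, the password value is a placeholder, and the function names are made up for this example.

```python
import re

# Constructed sample in the thread's log format: "HH:MM:SS (tag) <SQL>", where a
# statement may continue on the following lines. The password value is a placeholder.
SAMPLE_LOG = """\
09:57:33 (index) UPDATE #__users SET password = '<hash>:<salt>' , activation = "" WHERE id = 0 AND activation = '' AND block = 0
09:57:33 (index) UPDATE #__jcomments
SET name = ''
, username = ''
, email = ''
WHERE userid = '0'

10:02:10 (index) UPDATE #__jcomments
SET name = 'Alice'
WHERE userid = '42'
10:02:11 (index) SELECT * FROM #__jcomments WHERE userid = 0
"""

ENTRY_START = re.compile(r"^(\d{2}:\d{2}:\d{2}) \((\w+)\) (.*)$")
WRITE_STMT = re.compile(r"^(UPDATE|DELETE)\s+(?:FROM\s+)?(\S+)", re.I)
# WHERE clause pinning id/userid to 0, '0' or '' (MySQL compares '' as 0 on a numeric column).
ZERO_KEY = re.compile(
    r"\bWHERE\b.*?\b(?:user)?id\s*=\s*(?:['\"]0*['\"]|0+\b)", re.I | re.S)

def parse_entries(text):
    """Group log lines into [time, statement]; continuation lines join the open entry."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_START.match(line)
        if m:
            entries.append([m.group(1), m.group(3)])
        elif line.strip() and entries:
            entries[-1][1] += " " + line.strip()
    return entries

def flag_zero_id_writes(text):
    """Return (time, table) for every write statement keyed on user id 0."""
    hits = []
    for when, stmt in parse_entries(text):
        w = WRITE_STMT.match(stmt)
        if w and ZERO_KEY.search(stmt):
            hits.append((when, w.group(2)))
    return hits

if __name__ == "__main__":
    for when, table in flag_zero_id_writes(SAMPLE_LOG):
        print(f"{when} write keyed on user id 0: {table}")
```

Reads are ignored on purpose: only statements that modify rows shared by every guest (userid 0) are reported.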