Download: Duplicate Members Logger

[PrinceOfAbyss]

This is fixed. Once I finish the rest of the additions of 3.0.2 I'll update the file in MP.

[akke]

Well, it did not. It did report multiple unique machines but I only used one machine at that time. But it did not detect the duplicate. (Right now it has detected duplicates but I have been working on other projects and been logging in/out to a couple of test-accounts from the same browser now)

I know this particular issue is not nessessarily related to the fact it did not detect the duplicate (because it should be able to detect them when viewing the main board index). But yesterday evening I started debugging why it didn't detect that duplicate and when I took my laptop (in order to have a fresh computer, not containing any dml flash cookies) I logged on to a new account and found out that the unique_machines field of the members table stays empty. I don't know why, I didn't debug it further because I quickly noticed that dml.swf was posting to the wrong URL.

So, while debugging the first problem I detected a second one. And the flash source for dml.swf's is not included so I stopped debugging.

I'll re-start debugging the first issue once the second one is fixed (which you said will be fixed in 3.0.2). But I realy can't open my test-board to the public internet because of the network complexity over here, and I don't have another IP.Board license to do a test-install on a public server...

[AlexJ]

Abyss, wouldn't it be possible to give akke access to your test board if he wants to help in debugging the issue? Just suggesting.

[PrinceOfAbyss]

Possible, yes it is. Necessary, no it's not… Like I said, the issue is already fixed, and will be included in 3.0.2. Don’t worry AlexJ. :)

[PrinceOfAbyss]

Well, it did not. It did report multiple unique machines but I only used one machine at that time. But it did not detect the duplicate. (Right now it has detected duplicates but I have been working on other projects and been logging in/out to a couple of test-accounts from the same browser now)

I know this particular issue is not nessessarily related to the fact it did not detect the duplicate (because it should be able to detect them when viewing the main board index). But yesterday evening I started debugging why it didn't detect that duplicate and when I took my laptop (in order to have a fresh computer, not containing any dml flash cookies) I logged on to a new account and found out that the unique_machines field of the members table stays empty. I don't know why, I didn't debug it further because I quickly noticed that dml.swf was posting to the wrong URL.

So, while debugging the first problem I detected a second one. And the flash source for dml.swf's is not included so I stopped debugging.

I'll re-start debugging the first issue once the second one is fixed (which you said will be fixed in 3.0.2). But I realy can't open my test-board to the public internet because of the network complexity over here, and I don't have another IP.Board license to do a test-install on a public server...

These three phrases are contradicting... If unique_machines field stayed empty, it shouldn't report multiple unique machines... That's exactly the field Overview page is pulling data from. And you even got duplicates also, so it CAN'T be empty...

[akke]

I guess I didn't explain it well then. The first "It did report multiple unique machines" happend when trying with my desktop computer. unique_machines was not empty then.

"the unique_machines field of the members table stays empty" happend when I tested with my laptop. I only checked the account I logged in with, with my laptop, and unique_machines was empty for that account...

[PrinceOfAbyss]

I guess I didn't explain it well then. The first "It did report multiple unique machines" happend when trying with my desktop computer. unique_machines was not empty then.

"the unique_machines field of the members table stays empty" happend when I tested with my laptop. I only checked the account I logged in with, with my laptop, and unique_machines was empty for that account...

It was empty. Then it wasn't empty. Then it got empty again (implying it was empty for that particular member). Go figure...

So many things implied... So many false impressions created... I wonder whether this is deliberate or not...

Anyway, the bug is fixed. Honestly, thanks a lot for pointing it out. :)

I now have to do some work, as my day job is very much demanding, and I also have to find the time to finish the rest of the improvements of 3.0.2

PS: No, I didn't get mad you found a (minor) bug in my app. I'm very thankful for that. It's you attitude that bothers me...

[akke]

These are the steps that I did:

1. Install DML on test board

2. login using account abc1 with browser Firefox

3. login using account abc2 with browser Chrome

Result: DML did not detect any dupplicate.

4. login using IE on account abc2 with browser IE9

Result: DML did not detect any duplicate

Then I wanted to debug this issue so I took my laptop (because I wanted a computer without any dml flash cookie on it).

With my laptop:

1. login using account abc3 with browser Firefox (older version, version 14.0.1 is installed on it)

2. Checked my apache logs to find out what exactly happens and checked the members table field unique_machines.

At that time unique_machines was non-empty for account abc1 and account abc2 (the accounts I used on my desktop computer).

But account abc3 (the one I logged in with my laptop) had an empty unique_machines field.

3. I clicked a couple of pages on my laptop

Still, unique_machines stays empty for account abc3.

4. I noticed (in my apache logs) that dml.swf is posting to the wrong URL.

5. I wanted to see where dml.swf gets the URL from but noticed the flash source is not included. So I stopped debugging.

[akke]

I think I know why your app was unable to detect the duplicate. Local Shared Objects (Flash cookies) seems to be no longer as persistent (as they were, for example, a year ago). After reading this wikipedia page it's now clear that as of January 5 2011 Adobe Systems, Google Inc., and Mozilla Foundation finalized a new browser API that enabled all browsers to clear the local shared objects. A couple of months later Adobe released Flash player 10.3 which enabled older browsers like Firefox 4, Safari and Chrome to delete local shared objects aswell. And I guess it's being used on my desktop and laptop, altho I did never do any special privacy configurations or anything.

I just wrote a very simple actionscript that tries to read and write a LSO. When I first visit that page from IE9 it tells me that the LSO is empty and it wrote data to it. Hitting refresh tells me that it was non-empty and was able to read it, displaying the content.

Going to Firefox the page does exactly the same: first visits it saves a LSO, second visit it was able to read and display it. So my firefox was unable to read the LSO written within IE9.

Next I tested it with Chrome, in Chrome the first visit was able to read the LSO. It did not have to write the LSO...

I don't know why it worked with Chrome on my desktop, but on my laptop it also didn't work with Chrome (versions differ but I don't know it is related)

So it looks like cross-browser user tracking just seems not to be working as expected by the app.

[akke]

Btw, clearing browser's cache now also removes flash cookies. I can confirm this after testing with a couple of recent browsers.

So your app's documentation is no longer correct: "The use of a Flash cookie makes the application a cross-browser solution to deal with "ghost" members, as it detects and reports them even if they use one browser for each registered account or even after they clear their browser's cache"

[Aussie Cable]

@Extreame™

I also registered on your forum. Look what wireshark tells me:

182133 957.792085000 192.168.168.5 103.4.17.82 HTTP 1063 POST /forum/5-news-and-announcements/index.php?app=duplicates&module=process&section=process&do=append HTTP/1.1 (application/x-www-form-urlencoded)

183464 1055.399733000 192.168.168.5 103.4.17.82 HTTP 1075 POST /gallery/category/1-members-albums-category/index.php?app=duplicates&module=process&section=process&do=append HTTP/1.1 (application/x-www-form-urlencoded)

...

Same things.. posting to the wrong url...

Look no offense, you are not an Australian, you don't have Telstra/Bigpond Cable internet, you have no need to be registered, your banned!

[AlexJ]

Look no offense, you are not an Australian, you don't have Telstra/Bigpond Cable internet, you have no need to be registered, your banned!

I don't know what your comment has to do with his findings? Does it really matters from what country he is? I don't think it matters to him if you banned him on your forums..Not sure if your post is sarcasm or just bash post.

He is trying to help and finding bugs so application can be made more nicer. We all know Abyss is nice and if akke findings are correct that by simply deleting browser cache it deletes flash cookies then we need to find some another way out. I don't know why this topic has turned little bit to personal allegations.

I hope Abyss and akke can work together out and make this application more nicer and perfect to detect cross browser trolls :) Good luck guys!

Thanks

[Aussie Cable]

Nevermind..........

[AlexJ]

My reply was very relevant as he does not fit the criteria of our forums, I personally think that is very relevant to his reply, don't you?

He registered on our forums, to test an app that has nothing to do with our communities format (what we discuss), this is a spam registration (regardless if he posts or not), because the intention was not to post at all, but to test this app on a live site by registering.

He registered on your forums to test the application which we are using to provide bug report with example so that application can be made more perfect. May be you need to understand the meaning of spam but it's ok, you are entitled to your opinion.

http://en.wikipedia.org/wiki/Spam_(electronic)

http://spam.abuse.net/overview/whatisspam.shtml

Look no offense, you are not an Australian, you don't have Telstra/Bigpond Cable internet, you have no need to be registered, your banned!

We don't need to know which users you are banning on your forums. It's none of our concern and if his simple registration bothered you that much then you should ban/restrict all users out side of Australia using Cloudfare or other tools out in market. That being said ToS on your forums no where mentions that users are not allowed to register on your forum if they are not from Australia or whatever. So your forums ToS in itself are contradicting with whatever you mentioned in your post.

I guess you can pull out the old ace card of freedom of speech..I am not going to enter in argument over with you since I foresee it's going to be pointless and will derail the purpose of support topic of this application.

[wsf]

request: exclude usergroups

We have a usergroup for technicians who help code and design our site. They use second logins to try different skins and other permission-dependant stuff. It would be nice to be able to select certain usergroups to be excluded. At the moment every member has to be added manually.

[PrinceOfAbyss]

Sorry, no plan at all to add a per-group exclusion.

It doesn't worth the time coding that, compared to the time needed by an admin to exclude even 15-20 members. I mean, come on, there is even a write-ahead input field in Exclusions Management section. It can't be that time consuming... ;)

I'd rather spend that time to add something really useful. ;)

[PrinceOfAbyss]

Time for some teaser images!!!!!

Here you see the settings page regarding the new "Postify All" feature. Needless to say that all possible checks are performed during Settings Save to prevent errors, ie you can't select more than one forum to create topics in. Although I put a multi-select box (as I thought it's more user-friendly than the drop-down), there is a check that doesn't save the setting if more than one forums is selected.

Two settings below is the setting that allows you to define the fields you want to be included when creating a new warning topic (replacements of ##DUPLICATES## quick tag). Available fields are: Display name, Group, Join date, Last activity date, Posts count, and IP address. A similar code check makes sure that you can't deselect Display name. All the rest fields are user-configurable.

Here is a screenshot right after a Postify All process finishes. Once you click the button, a fully AJAXified process creates a topic for the members of the duplicate group. You see the tooltip with the correct timestamp message, and also note that the icon is even linkable to the new topic.

Additionally, the PM notification feature is fully AJAXified.

Also, for both processes (Notify and Postify), as soon as you run them, the tooltips are programmed to automatically reflect the new timestamps. This may seem minor but I mention it as it gave me a very hard time to achieve and I had to go deep in the Prototype framework for it.

Finally, here you see the actual topic. There is not much to say about this! Of course it shows only the fields you have selected in ACP (ie in this screenshot IP addresses were deselected, so not visible).

I'll need a couple more days to also implement Blackwolfe's idea regarding the pagination and redirect page, and then I'll update the file. I wouldn't like to give you a date, ie tomorrow, or the day after, or on Friday, but it's very very close! Also consider the enhancements that took place during this week and you'll be happy you waited a little more!

Edit: I forgot to mention that the text-areas for the content of the PM and the topic are now replaced by two full-editors.

Edit 2: Now that I think about it, I'll also include Email among the available replacement fields. I'll also make the topic creation process to automatically subscribe to the new topic the admin that triggers the process.

[Blackwolfe]

Thanks so much for focusing your time on enhancing this!

[PrinceOfAbyss]

Edit 2: Now that I think about it, I'll also include Email among the available replacement fields. I'll also make the topic creation process to automatically subscribe to the new topic the admin that triggers the process.

Done! :D

[PrinceOfAbyss]

Thanks so much for focusing your time on enhancing this!

My pleasure! :)

[Kyle F]

Looks nice. I may purchase it, though why would it need a "renewal"? It's not exactly a license..

[PrinceOfAbyss]

Looks nice. I may purchase it, though why would it need a "renewal"? It's not exactly a license..

Thanks! :)

About the renewal, maybe you are unfamiliar with the term Renewal in Marketplace? It doesn't prohibit you from using it once "expired"... You just can't download further updates!

[Kyle F]

Thanks!

About the renewal, maybe you are unfamiliar with the term Renewal in Marketplace? It doesn't prohibit you from using it once "expired"... You just can't download further updates!

Ah...perfectly explained. Thanks.

[akke]

Do you know of another way to make the cookies persistent? As flash cookies are no longer persistent the way it's described. flash cookies are getting removed from the browser together with regular cookies...

[PrinceOfAbyss]

You definitely have your issues there akke. What's your problem with my app? Have you used it and didn't get your job done? Have any dups evaded?

And what's this obsession with persistence etc? First of all, do you know the definition of persistence? It's about producing the same GUID each time it gets produced. This would require Flash to somehow calculate it based on something constant (CPU id, MB id, HDD id etc etc). This info isn't available through a browser anyway (for security reasons obviously), so I did the next best option available.

The idea behind this app is this (once again):

You login to my community. You get a guid. This guid is tied to your member id once and for all. Somehow your guid gets deleted (either you deleted the .sol, or cleared your browser's cache etc). The next time you log into my community, and since you don't have anymore a guid, the system will produce another one for you, and append it to your current machine guids, so this one is tied to your member id too.

Once the time comes to calculate the duplicate groups it will gather all your machine guids and compare them to all machine guids of all members in my community. That's how it builds the duplicates.

So, what's the real problem in .sol's being deleted with your browser's cache? All it takes is to produce a new .sol and append the guid to your account info. The only problem is it ruins the stats in Overview... But who really uses this app to track their stats?

Now, unfortunately you have your way to raise my pressure each time I read a message you post... So, this is the last time I respond to questions of this nature to you. If you like my app, feel free to continue using it. After all you've purchased it. If you find any bug I'll be more than happy to resolve it for you. But, I won't discuss any more technical details here.