Thread

Hi there,

I’m having a bit of trouble with the ‘comments’ on my blog posts.  The ‘Name’ and ‘Email’ fields are pre-populated with the information of the Super Admin (me).  This is leading to a usability issue, and a bunch of spam posts using my information.

I’ve seen these threads - to which the answer was to move the comments out of the channel tag pair. Unfortunately, mine are already outside of this…
http://ellislab.com/forums/viewthread/167222/
http://ellislab.com/forums/viewthread/166486/
http://ellislab.com/forums/viewthread/168067/

If anyone would have any suggestions, i’d be incredibly grateful.

Example:
http://designking.com.au/site/post/studniberg_house_commences_construction

My code:

No Official support here for the next two days. but…

in your form in the template code you have:

<input type="text" tabindex="1" value="{name}" id="name" name="name">

Where you have value=”{name}” this is auto populating the contact form field from your profile details as you are logged in (meant to be easier/quicker for logged in users).
Logout, or view the same page through another browser that is not logged in and nothing will be there.

Or just remove the {name} tag from inside the value option. Note there will be other bits like this in your other fields too i.e. email address, etc.

This is all in the EE Userguide though - your going to need to use that over the next few days with no official support about.

Thanks for your reply,

Removing the value does remove my name & email from the fields, however even after logging out and submitting a comment (that needed to be approved by an admin), the backend still displayed my (super-admin) details for the name and email address.  This after I specifically entered a different name & email.

Is there something fishy going on here?  A friend who’d never visited the site (and countless spam bots) are able to post with my details replacing anything they enter too.

Very strange. 

Thanks again… The no support thing is a lil scary, but totally justified.

I have just visited your site:
http://designking.com.au/site/post/studniberg_house_commences_construction

and confirm the fields are blank. I would suggest logging out of both the front end and back end, clearing browser and EE cache… Delete all comments and then test to make 100% sure you are inputting fresh details.

If your details are still being inputted - then i have no idea how as there is no template tag to explain this.
The previous problems mentioned in the first post say move comments out of the channels tag because it is effectively populating the comment form with the authors details from that blog post. So double and triple check there are no other channel entries tags wrapping the comments area.

In testing, i also find having a separate browser installed on your machine very handy. You can be superadmin in firefox, but a completely unlogged in user say Google Chrome, etc. Quicker and cleaner for testing.

Also for debugging… try creating a second super admin account. From that account create another test blog post. logout of everything and submit the comment form. Whose details appear? the new or old super admin? if the new details appear this suggests the values are being populated by the author of the blog post.

Thanks so much for this btw.

Just to clarify - you’re probably not seeing my details because I removed the {name} and {email} from the template (i dont see them now either), but they still submit as me.  I also tested in a few browsers, and just on your last point - the old super-admin details appear - consistently irrespective of who posted the article.

Super weird huh?  I’m just trying to delete the ee-cache now, but I have done this previously to no avail.

I just replaced the {name} and {email} tags in the template now - so from now you should be seeing my details in the fields?

yup seeing your name and email even though i am not logged in. This really does mean something other than the login is populating these fields.

Either a stray channel entries tag populating it via the author details.
Or perhaps a stray module/extension/plugin conflict.

Any modules/extensions that could be disabled to test? Make sure you don’t break anything! so be careful.

So strange!  I’ll try disabling a few things now.

Imgsizer is notoriously a problem, but didn’t seem to affect this when i removed it.  Other than that i’ve only really got Gravatar and the Matrix fieldtype.

I’ll give those a shot too.

ImgSizer i have never had trouble with - and that never accesses comment forms.
Gravatar is a good bet - considering you are using that within comment area!
Matrix & Imagsizer - i am using on many sites without your issues. Gravatar i have never used so guessing it could be that! guess though!

Perhaps setup a quick test channel with only one basic field and a single empty template to test output of that channel with a comment block on it. Should be easy enough to cut and paste from existing locations and to get rid of anything odd that might be causing it. at least then you can identify if it is EE or not.

also a real strange long shot. you change value=”{name}” to value=”“.... try removing the value tag altogether as perhaps EE is using some kind of default population here?

Hi again,

So I’ve just tried removing gravatar, updating gravatar, and removing the value=”” altogether, but still no dice. 

This is pretty crazy.  I’ve also gone through the template debug logs, but haven’t been able to find anything of note.

I’ve posted them here too: http://pastie.org/1325473

what version of EE are you on? the latest?

I have just knocked up a test (new field group, field and channel) on one of my sites with 2.1.1 with matrix and imagsizer plus many other addons installed and when logged into the backend it did auto-populate my admin user details.

When i access the same page via another browser which has never been logged in, the details are blank. submit the form with details and everything works, no super admin details overide occurs.

This can only lead me to believe it is a extension or template bug in your setup. Whether that or stray cookies from when your logged in i don;t know.

But EE is fine from my tests! sorry.

Make sure to check all templates, including your embeds. I would even suggest doing the same test as me with a new channel, field group, and basic test template. If that works it clearly is something in that template/channel

Hi again,

Yes im on the latest EE, and should have all the latest versions of the plugins.

I guess I’ll need to do some really thorough template debugging tomorrow (i might crash now - as it’s almost 1am here in Australia).

Thanks so much for your help - i’ll let you know how I go!

Have a great Thanksgiving! 😊

Thanks for the assist, nevsie.

Nelga, nevsie is correct, you’ll need to create a simplified version of your comments template, preferably the code posted in the docs. See if that helps.

Hi again,

Yep, have replaced the code with the docs code, but the same thing keeps happening.  Truely strange, and honestly just don’t know what to do now…  Have been at it for hours

Actually stripped out all the code except for the comments form & still, the username & password appear.  Tried banning the superadmin, and no dice either