I recently created three new extensions to my board. Additionally, my vbulletin forum is modded quite a bit (both in the source files and with custom plugins).

A couple of days ago, I noticed that the user details of my admin account (userid 1) were changed. Some userfields were overwritten. The avatar and profile pic were changed.
I discovered the same avatar and profile pic on a new member's profile. So he must have inadvertently changed my profile while editing his own profile.

I was not able to recreate the problem. I signed up with a new account, changed the user details of that account, but it did not have any effect on the admin account's details.

Say that for some reason, the user data gets saved with the userid "1" to the database. But then the guy would not be able to change his own info. It seems though as if his userdata was copied into my admin account.
I can't explain it. It is very worrysome. :(

I have three plugins that effect the signup process. I've looked at them multiple times, and cannot find a problem with it. And the user details are changed after the signup anyway.

The question is how I can debug this? I know on vbulletin.com I would just get the standard copy & repaste reply of pretty much reinstalling the forum from scratch. I am not going to do that.
Has anybody ever had such a problem before?

Without being able to reproduce the problem, you are going to have a hard time fixing it. I would probably try setting us a test site - a duplicate of my live site as it is now - and then trying to reproduce this.

There will be some extensive logging necessary. Either way, this will be nasty.

I know you don't want to hear it, but re-install (at least restore the vb source files) will be the best way to go.

A test site would be a lot of work (because my site is quite big).
Logging is probably the better way. I could log all edits of user info, avatars and profile pics. :erm:

The most annoying thing is that it has not happened again.
Maybe it was just once? Could this happen when I install a plugin but not turn the board off?

I do this in a custom plugin at the "profile_start" hook:
if ($_REQUEST['do'] == 'nameofplugin')
{
// init user data manager
$userdata =& datamanager_init('User', $vbulletin, ERRTYPE_STANDARD);
$userdata->set_existing($vbulletin->userinfo);
// set custom profile fields
$userdata->set_userfields($vbulletin->GPC['userfield']);
// save the data
$userdata->save();

//...
}

That should be the right way to do it, no? That's the only place I can think of that could cause this.
Or maybe the bug is that the above code is executed, and then the script saves the data again (in the original code).

I have an idea about this - this is the thing you posted in another thread, where you originally didn't have the set_existing() call? I see now what you meant there - if you don't have the existing fields set, like the userid, then it won't save. Is it possible at some point while you were working on it, you had it so it did save with a userid of 1?

Have you tried disabling the custom plugin and THEN doing some testing? That would at least narrow it down somewhat.

There is no testing that I can do but to let it sit and wait for it to happen again.

I never used the set_existing call to save only my info, not even during development.

So far, it has not happened again. I hope it was only a temporary glitch.