[Resolved] Download links to wrong digital product -- I see duplicate accesskeys in database?


lyndsiesal

I had my site upgraded from CC4 to CC6 in October. After the update, I noted a lot of extra links in my customer test account so I ordered some custom coding work to clean up the database. At some point after the new database was uploaded, I started receiving a large number of messages from customers who were attempting to download old orders but getting a totally different product. I tried resetting the links but it still happens. I have been trying to get in touch with the person who did the work for us but he has not replied and I'm kind of worried that something is wrong because he's always been very reliable. Anyway, in desperation I looked at the downloads in the database and I noticed a LOT of duplicate access keys from before the update (shorter accesskeys). I'm not sure why they didn't cause a problem on the old site but on the new site, the duplicate download urls are all providing the customer with the file associated with the oldest order with the same link. Not only do I have upset customers but they are getting a free product that they didn't pay for and I'm drowning in emails.

Is there a way to generate new download links? I should also mention I have over a million downloads so doing it manually is not the best option.

I'm open to any options!

Thanks!

Interesting problem....

A short script could probably be written to sort it out, but some unknowns would need to be sussed out first.

I agree the essential problem is duplicated accesskeys. So, if we limit ourselves to attacking just this problem, we may not need to generate new links for the entire table.

I am interested in helping you solve this.

The problem was duplicate accesskeys*.

The records were extracted to a CSV from the CubeCart_downloads table, and run through a de-dupe utility, saving off the duplicate records into a separate file. That file was then imported into a separate, newly created table in the CubeCart database.

An UPDATE query modified the accesskey for every record that was found in the new table holding the duplicate records.

* Questions are (probably unanswerable): How could the accesskeys get duplicated? The CubeCart_downloads table does not have a UNIQUE key constraint against the accesskey column. CC4 has a 62 character array, from which a random letter is chosen for eight iterations, making an eight character sequence. This gives an incredible number of possibilities: 2e14. Yet, with just over 1 million records in the table, 418 thousand had duplicate accesskeys. I would have to conclude the version of PHP that this installation of CC4 was running on didn't have a decent randomness of its rand() function.

Which brings notice to CC6's function to create (or attempt to) a random accesskey. CC6 makes an md5 hash out of several items that forms a unique collection. But MD5 hashes count 2^128 bits, or 340 undecillion 282 decillion 366 nonillion 920 octillion 938 septillion 463 sextillion 463 quintillion 374 quadrillion 607 trillion 431 billion 768 million 211 thousand 456 accesskeys. Still, a collision could occur. Not likely, but stranger things have happened.

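An added example, not part of the original posts and not CubeCart's own code: the clean-up described in the post above (find rows that share an accesskey, assign replacements, then enforce uniqueness), run against a constructed SQLite stand-in table. The table layout `downloads(id, product_id, accesskey)`, the function names, and the choice to rekey every row in a duplicate group are assumptions; `expected_colliding_pairs` applies the birthday approximation to the 62^8 key space the post describes.

```python
import secrets
import sqlite3

def expected_colliding_pairs(n_keys, keyspace):
    """Birthday approximation: expected number of row pairs sharing a key
    when keys are drawn uniformly at random from `keyspace` values."""
    return n_keys * (n_keys - 1) / (2 * keyspace)

def rekey_duplicates(conn):
    """Replace the accesskey of every row whose key is shared with another
    row, then add a UNIQUE index. Returns the number of rows changed.
    Assumption: all rows in a duplicate group are rekeyed, so an old shared
    link stops resolving to any order instead of to the oldest one."""
    cur = conn.cursor()
    rows = cur.execute(
        "SELECT id FROM downloads WHERE accesskey IN "
        "(SELECT accesskey FROM downloads GROUP BY accesskey HAVING COUNT(*) > 1)"
    ).fetchall()
    for (row_id,) in rows:
        while True:
            # 128 bits from the OS CSPRNG, 32 hex chars (same length as an MD5 hex digest)
            new_key = secrets.token_hex(16)
            clash = cur.execute(
                "SELECT 1 FROM downloads WHERE accesskey = ?", (new_key,)
            ).fetchone()
            if clash is None:
                break
        cur.execute("UPDATE downloads SET accesskey = ? WHERE id = ?", (new_key, row_id))
    # With this index in place the database rejects any future duplicate key.
    cur.execute("CREATE UNIQUE INDEX IF NOT EXISTS uq_accesskey ON downloads(accesskey)")
    conn.commit()
    return len(rows)

def sample_db():
    """Constructed sample data: three orders share one 8-character key."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE downloads (id INTEGER PRIMARY KEY, product_id INTEGER, accesskey TEXT)"
    )
    conn.executemany(
        "INSERT INTO downloads (product_id, accesskey) VALUES (?, ?)",
        [(10, "aB3dE9xZ"), (22, "aB3dE9xZ"), (31, "Qw7rT2yU"),
         (47, "aB3dE9xZ"), (58, "Lm4nP6sK")],
    )
    return conn

if __name__ == "__main__":
    print("expected colliding pairs, 1M uniform keys:", expected_colliding_pairs(10**6, 62**8))
    print("rows rekeyed:", rekey_duplicates(sample_db()))
```

Customers whose rows are rekeyed need the new link delivered to them (for example from their account page), since the old URL no longer resolves.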
