Users login but are assigned to another users account [message #187898] |
Fri, 12 June 2020 18:17 |
|
Elliaison
Messages: 18 Registered: February 2011
Karma: 0
|
Junior Member |
add to buddy list ignore all messages by this user
|
|
Please help, major issue being experienced.
I was working on user/group permissions this morning to change permissions. I deleted a User group called Global Anonymous Users that I thought I had created years ago. (Maybe it was a default user group? Maybe unrelated?)
About 2 hours ago Users started reporting that they were posting under other user's accounts. I looked into it and found the following:
- If I was already logged in and refreshed my page, I showed that I was logged in under another user account.
- If I logged out, it would respond by taking me back to the Home page, but logged in as yet another user.
- While logged in to another user account, I could post as them, change their profile and act in all ways as that user. (This is particularly an issue when I'm logged in as an admin and other users gain my access.)
- When I logged out several times, it cycles through various user accounts until everyone is logged out.
I tried upgrading from 3.0.9. to 3.0.10 and that did not repair the issue. My backups are not running, it looks like they stopped about a year ago.
Options I can take:
- I can replace any files from my backups (3.0.9), but remember we are currently on 3.0.10.
- I can uninstall and reinstall.
- I can do whatever you intelligent people might suggest. (I did a backup today 3.0.10.) I need to not risk my data.
Any suggestions would be greatly appreciated.
Elliaison
|
|
|
|
|
|
|
Re: Users login but are assigned to another users account [message #187914 is a reply to message #187902] |
Wed, 17 June 2020 15:04 |
|
Elliaison
Messages: 18 Registered: February 2011
Karma: 0
|
Junior Member |
add to buddy list ignore all messages by this user
|
|
Looks like I'm still having the same issue with logout not changing to the Anonymous user.
I see your post about using the insert script from intall.php.
I found:
Quote:/* Add anonymous user (must be id=1). */
q('DELETE FROM '. $DBHOST_TBL_PREFIX .'users');
$anon_id = db_li('INSERT INTO '. $DBHOST_TBL_PREFIX .'users (login, alias, theme, email, passwd, name, users_opt, join_date, time_zone) VALUES(\'Anonymous\', \'Anonymous\', 1, \'dev@null\', \'1\', \'Anonymous\', '. (1|4|16|32|128|256|512|2048|4096|8192|16384|262144|4194304) .', '. time() .', \''. $SERVER_TZ .'\')', $ef, 1);
if ($anon_id != 1) {
echo 'WARNING: Anonymous user\'s ID is not 1! Trying to fix it...';
q('UPDATE '. $DBHOST_TBL_PREFIX .'users SET id = 1');
echo 'Done, we\re OK again.';
I don't know how to use this, but I checked the database and the Anonymous user and settings are correct. I created a new group called "Global Anonymous Users" and saw that registered and Anonymous users were part of it. I added user "Anonymous" and it accepted it without an error message as if the Anonymous user was different from the auto generated "Anonymous" user.
Not sure if that gives any insight into the issue.
Can we do a webex session to get this fixed? My forum is down until this gets resolved.
Thanks,
Elliaison
|
|
|