FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » FUDforum Development » Bug Reports » Users login but are assigned to another users account
Show: Today's Messages :: Unread Messages :: Polls :: Message Navigator
| Subscribe to topic | Bookmark topic 
Switch to threaded view of this topic Create a new topic Submit Reply
Users login but are assigned to another users account [message #187898] Fri, 12 June 2020 18:17 Go to next message
Elliaison is currently offline  Elliaison   
Messages: 18
Registered: February 2011
Karma: 0
Junior Member
add to buddy list
ignore all messages by this user
Please help, major issue being experienced.

I was working on user/group permissions this morning to change permissions. I deleted a User group called Global Anonymous Users that I thought I had created years ago. (Maybe it was a default user group? Maybe unrelated?)

About 2 hours ago Users started reporting that they were posting under other user's accounts. I looked into it and found the following:
- If I was already logged in and refreshed my page, I showed that I was logged in under another user account.
- If I logged out, it would respond by taking me back to the Home page, but logged in as yet another user.
- While logged in to another user account, I could post as them, change their profile and act in all ways as that user. (This is particularly an issue when I'm logged in as an admin and other users gain my access.)
- When I logged out several times, it cycles through various user accounts until everyone is logged out.

I tried upgrading from 3.0.9. to 3.0.10 and that did not repair the issue. My backups are not running, it looks like they stopped about a year ago.


Options I can take:
- I can replace any files from my backups (3.0.9), but remember we are currently on 3.0.10.
- I can uninstall and reinstall.
- I can do whatever you intelligent people might suggest. (I did a backup today 3.0.10.) I need to not risk my data.

Any suggestions would be greatly appreciated.

Elliaison
Re: Users login but are assigned to another users account [message #187899 is a reply to message #187898] Fri, 12 June 2020 20:53 Go to previous messageGo to next message
Elliaison is currently offline  Elliaison   
Messages: 18
Registered: February 2011
Karma: 0
Junior Member
add to buddy list
ignore all messages by this user
Update:

I backed up my database, Renamed my file directories to "Old-folder", and reinstalled a fresh version of 3.0.10, and imported my database and the site is back up, but with the same issue.

I've noticed that if I login using my account, I can move around in the forum and I stay as my user account. When I click logout, I'm logged out of my account and logged in as someone else. Total security loss.

Seems to be an issue with the "Guest" user in the database.

Any ideas on how to fix this?

Thanks,
Elliaison
Re: Users login but are assigned to another users account [message #187900 is a reply to message #187899] Fri, 12 June 2020 21:25 Go to previous messageGo to next message
Elliaison is currently offline  Elliaison   
Messages: 18
Registered: February 2011
Karma: 0
Junior Member
add to buddy list
ignore all messages by this user
Oops, version 3.1.0.
Noticed that the login process is working and I can login as many users as I want. The logout process is broken. Clicking logout disconnects/logs off the current user, but assumes the account of the next user in the order of their login.

Thanks in advance for any help,
Elliaison
Re: Users login but are assigned to another users account [message #187901 is a reply to message #187900] Fri, 12 June 2020 21:38 Go to previous messageGo to next message
Elliaison is currently offline  Elliaison   
Messages: 18
Registered: February 2011
Karma: 0
Junior Member
add to buddy list
ignore all messages by this user
Found the issue. It appears that somehow the global cookie domain lost a "." in from of the domain name and the path was messed up. It's working now. Smile

But my backup is failing.

Quote:
Backup database tables:
Failed to open SQL directory "/home8/mastert4/public_html/elliaison/FUDforum/sql/"
It was working fine when I started this thread, but stopped in the process of troubleshooting. Any ideas based on the history in this thread?

Smile
Elliaison

[Updated on: Fri, 12 June 2020 21:44]

Report message to a moderator

Re: Users login but are assigned to another users account [message #187902 is a reply to message #187901] Sat, 13 June 2020 03:49 Go to previous messageGo to next message
naudefj is currently offline  naudefj   
Messages: 3771
Registered: December 2004
Karma: 28
Senior Member
Administrator
Core Developer
add to buddy list
ignore all messages by this user
The "Global Anonymous Users" can be recreated from SQL, the INSERT statement is on line 1081 of the install.php script.

The backup problem is most likely a permission issue on the OS.
Something like "chmod 750 sql" (or 755) should fix it.

[Updated on: Sat, 13 June 2020 03:55]

Report message to a moderator

Re: Users login but are assigned to another users account [message #187914 is a reply to message #187902] Wed, 17 June 2020 15:04 Go to previous message
Elliaison is currently offline  Elliaison   United States
Messages: 18
Registered: February 2011
Karma: 0
Junior Member
add to buddy list
ignore all messages by this user
Looks like I'm still having the same issue with logout not changing to the Anonymous user.

I see your post about using the insert script from intall.php.

I found:
Quote:
/* Add anonymous user (must be id=1). */
q('DELETE FROM '. $DBHOST_TBL_PREFIX .'users');
$anon_id = db_li('INSERT INTO '. $DBHOST_TBL_PREFIX .'users (login, alias, theme, email, passwd, name, users_opt, join_date, time_zone) VALUES(\'Anonymous\', \'Anonymous\', 1, \'dev@null\', \'1\', \'Anonymous\', '. (1|4|16|32|128|256|512|2048|4096|8192|16384|262144|4194304) .', '. time() .', \''. $SERVER_TZ .'\')', $ef, 1);
if ($anon_id != 1) {
echo 'WARNING: Anonymous user\'s ID is not 1! Trying to fix it...';
q('UPDATE '. $DBHOST_TBL_PREFIX .'users SET id = 1');
echo 'Done, we\re OK again.';
I don't know how to use this, but I checked the database and the Anonymous user and settings are correct. I created a new group called "Global Anonymous Users" and saw that registered and Anonymous users were part of it. I added user "Anonymous" and it accepted it without an error message as if the Anonymous user was different from the auto generated "Anonymous" user.

Not sure if that gives any insight into the issue.

Can we do a webex session to get this fixed? My forum is down until this gets resolved.

Thanks,
Elliaison

Quick Reply
Formatting Tools:   
  Switch to threaded view of this topic Create a new topic
Previous Topic: Failed getting archive size from
Next Topic: Wrong URL for Last Page - Link [ ยป ]
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Sat Oct 12 14:01:39 EDT 2024

Total time taken to generate the page: 0.04992 seconds