User logging into other accounts

Hi, I’m in the middle of this because I don’t know what else to do with this problem that’s been haunting me for days! Yesterday, practically out of the blue (really, out of the blue), this problem started: a user who logs into their account normally and presses "F5" on the page ends up in the account of another random user. At first I thought, and I still have this theory, that it’s a kind of "cache", but I don’t have any cache enabled on my site, nor on "Sucuri" (the firewall I use), and my CMS doesn’t have any cache structure either.

That’s why this problem is driving me crazy right now, because I don’t know what it could be, let alone the source. I’m leaving you the "Log in" code so you can see that I (at least I think) am not doing anything incorrectly.

Authcontroller.php -

public function login()
{
    global $twig, $params, $language;
    try {

        $user = Model\User::select()
                            ->where('username', QB::EQ, $_POST['login_username'])
                            ->whereOr('email', QB::EQ, $_POST['login_username'])->find();

        if($user->login($_POST['login_password'])) {

            if($user->isBanned()) {
                radCMS\App::Message('error', $language['home']['notifications']['banned'], [
                    '{username}' => $user->getUsername(),
                    '{reason}' => $user->getBan()->getReason(),
                    '{expires}' => date('d-m-Y \à\s H:i:s', $user->getBan()->getExpire())
                    ]);
                return radCMS\App::Redirect('home');
            }
            else {
                $_SESSION['id'] = $user->id();

                $user->setLast_ip(OctaCMS\App::GetIP());
                $user->setLast_online(time());

                radCMS\App::Redirect('me');
                radCMS\App::Message('success', $language['notifications']['logged_in']);
            }
        }
        else
        {
            radCMS\App::Message('error',  $language['home']['notifications']['login_incorrect']);
            Model\Input::saveFields($_POST);
            radCMS\App::Redirect('home');
        }

    } catch (\RangeException $ex) {
        radCMS\App::Message('error',  $language['home']['notifications']['login_incorrect']);
        radCMS\App::Redirect('home');
    }
}

Since I work with MVC, I have this in my index.php

index.php -

if(!session_start()) 
    session_start();

And in another file I have a small function which only checks if the user is logged in

App.php -

public static function isLoggedIn() 
{
    return isset($_SESSION['id']);
}

So, guys, I would really appreciate a hand in this.

  • What framework is this?

  • Is $_SESSION['id'] the user id?

  • I think you need to post a part of the user model as well. Because the controller information I’m seeing is not the problem. The problem may be inside the model or controller, where the user selects.

No answers
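
The question suspects a cache sitting between the browser and PHP. One way to test that theory from the response headers the site actually returns, as an added example (not code from the original post): it flags responses that set a session cookie while still being storable by a shared cache. The cookie name PHPSESSID assumes PHP's default session name, and both sample responses are constructed.

```python
from email.parser import Parser

SESSION_COOKIE = "PHPSESSID"  # assumption: PHP's default session cookie name

# Constructed samples, not captured from the site in the question.
CACHED = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
          "Cache-Control: public, max-age=300\r\nAge: 42\r\n"
          "Set-Cookie: PHPSESSID=constructed123; path=/\r\n\r\n<html>")
SAFE = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
        "Cache-Control: no-store, no-cache, must-revalidate\r\n"
        "Set-Cookie: PHPSESSID=constructed456; path=/; HttpOnly\r\n\r\n<html>")


def parse_headers(raw):
    """Parse the header block of a raw HTTP response (status line skipped)."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    _status, _, header_block = head.partition("\n")
    return Parser().parsestr(header_block, headersonly=True)


def cache_directives(msg):
    """Return the lower-cased Cache-Control directive names as a set."""
    names = set()
    for value in msg.get_all("Cache-Control", []):
        for part in value.split(","):
            name = part.strip().split("=", 1)[0].lower()
            if name:
                names.add(name)
    return names


def audit(raw):
    """List reasons this response could hand one visitor's session to another."""
    msg = parse_headers(raw)
    sets_session = any(c.strip().startswith(SESSION_COOKIE + "=")
                       for c in msg.get_all("Set-Cookie", []))
    # A shared cache must not store responses marked no-store or private.
    storable = not ({"no-store", "private"} & cache_directives(msg))
    from_cache = msg.get("Age") is not None  # Age is added by caches
    findings = []
    if sets_session and storable:
        findings.append("session cookie on a response a shared cache may store")
    if from_cache:
        findings.append("Age header present: response came from a cache")
    if sets_session and from_cache:
        findings.append("cached response replays a stored session cookie")
    return findings
```

Feed `audit()` the raw headers of the logged-in page as fetched through the firewall and again directly from the origin; findings that appear only on the firewall path point at the intermediary rather than the login code.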
