PDA

View Full Version : bbuserinfo from cookie or db?


charmedimsure
05-17-2004, 11:25 PM
Hi folks. Running into a small problem with user's that share computers with a custom app I wrote in PHP that uses the security of vb2.3.5.

I use the standard user integration code as I have followed from this msg board as follows:


chdir("../forums");
require_once('./global.php');
chdir("../catalog");

if ( !($bbuserinfo['usergroupid']==10 or $bbuserinfo['usergroupid']==5 or $bbuserinfo['usergroupid']==6) )
{
header("Location: deny.html");
}

$userid=$bbuserinfo['userid'];




Basically I get the userid from bbuserinfo and load some information (lets call it a "Profile" ) from a database. The problem this particular user is having is that she is telling me she gets her friends "Profile" when trying to edit hers.

Her and 2 friends share the same computer, and all use the the same msg board I have up.

This is telling me the userid from bbuserinfo is actually her friends userid, and the only thing i can think of why its getting that is because its getting the data from the cookie. I know she logs in correctly because I get her PM's.

Anyone have input on this? Is there a way to force the data in bbuserinfo to update from the database bypassing any cookie?

NTLDR
05-18-2004, 01:48 PM
$bbuserinfo is allways fetched from the database, the only things stored in the cookie are the userid and password hash which are used to "automatically" log the user in.

Make sure you cookie settings are correct in the ACP, the path should be / and the domain .domain.com (note the two .'s).

charmedimsure
05-18-2004, 01:56 PM
Thanks for you help. My cookie domain was actually blank.