charmedimsure
05-17-2004, 11:25 PM
Hi folks. Running into a small problem with user's that share computers with a custom app I wrote in PHP that uses the security of vb2.3.5.
I use the standard user integration code as I have followed from this msg board as follows:
chdir("../forums");
require_once('./global.php');
chdir("../catalog");
if ( !($bbuserinfo['usergroupid']==10 or $bbuserinfo['usergroupid']==5 or $bbuserinfo['usergroupid']==6) )
{
header("Location: deny.html");
}
$userid=$bbuserinfo['userid'];
Basically I get the userid from bbuserinfo and load some information (lets call it a "Profile" ) from a database. The problem this particular user is having is that she is telling me she gets her friends "Profile" when trying to edit hers.
Her and 2 friends share the same computer, and all use the the same msg board I have up.
This is telling me the userid from bbuserinfo is actually her friends userid, and the only thing i can think of why its getting that is because its getting the data from the cookie. I know she logs in correctly because I get her PM's.
Anyone have input on this? Is there a way to force the data in bbuserinfo to update from the database bypassing any cookie?
I use the standard user integration code as I have followed from this msg board as follows:
chdir("../forums");
require_once('./global.php');
chdir("../catalog");
if ( !($bbuserinfo['usergroupid']==10 or $bbuserinfo['usergroupid']==5 or $bbuserinfo['usergroupid']==6) )
{
header("Location: deny.html");
}
$userid=$bbuserinfo['userid'];
Basically I get the userid from bbuserinfo and load some information (lets call it a "Profile" ) from a database. The problem this particular user is having is that she is telling me she gets her friends "Profile" when trying to edit hers.
Her and 2 friends share the same computer, and all use the the same msg board I have up.
This is telling me the userid from bbuserinfo is actually her friends userid, and the only thing i can think of why its getting that is because its getting the data from the cookie. I know she logs in correctly because I get her PM's.
Anyone have input on this? Is there a way to force the data in bbuserinfo to update from the database bypassing any cookie?