Author Topic: Emergency! Please Help! People are automatically logged onto my acocunt!  (Read 14962 times)

0 Members and 1 Guest are viewing this topic.

Offline AlanShkr

  • Newbie
  • *
  • Posts: 13
    • View Profile
Today I got an email from someone saying that the moment he goes to the gallery, he is logged in through my account, so that would explain how our database got ruined the other day, is there any way to stop this from happening? thanks!

Offline V@no

  • If you don't tell me what to do, I won't tell you where you should go :)
  • Global Moderator
  • 4images Guru
  • *****
  • Posts: 17.849
  • mmm PHP...
    • View Profile
    • 4images MODs Demo
is there any way to stop this from happening? thanks!
Very simple: never give out a link with sessionid= attached to it!
Your first three "must do" before you ask a question:
Please do not PM me asking for help unless you've been specifically asked to do so. Such PMs will be deleted without answer. (forum rule #6)
Extension for Firefox/Thunderbird: Master Password+    Back/Forward History Tweaks (restartless)    Cookies Manager+    Fit Images (restartless for Thunderbird)

Offline AlanShkr

  • Newbie
  • *
  • Posts: 13
    • View Profile
thanks for your help :D, i now asked him HOW he entered the gallery, cause i have given a few links out with session= attacthed to it, so maybe he entered through those. i never knew thats what happens if u give out a URL with session= attached to it :O.

Offline AlanShkr

  • Newbie
  • *
  • Posts: 13
    • View Profile
well now i dont think thats the problem, someone told me he just clicked enter to the gallery, with no sessions or cat_id numbers attached, just a direct link and he was logged in, what should i do now?  :?

Offline V@no

  • If you don't tell me what to do, I won't tell you where you should go :)
  • Global Moderator
  • 4images Guru
  • *****
  • Posts: 17.849
  • mmm PHP...
    • View Profile
    • 4images MODs Demo
perhaps they stayed logged in after first time clicking on a link with sessionid. just change your password, and clear 4images_sessions table with phpmyadmin or such. (clear, not delete!)
Your first three "must do" before you ask a question:
Please do not PM me asking for help unless you've been specifically asked to do so. Such PMs will be deleted without answer. (forum rule #6)
Extension for Firefox/Thunderbird: Master Password+    Back/Forward History Tweaks (restartless)    Cookies Manager+    Fit Images (restartless for Thunderbird)

Offline AlanShkr

  • Newbie
  • *
  • Posts: 13
    • View Profile
Thanks for replying, I went into my PHPAdmin and emptied the tables. I hope everything is ok now :).

Offline AlanShkr

  • Newbie
  • *
  • Posts: 13
    • View Profile
and btw, what does clearing the 4images_sessions table do?

Offline V@no

  • If you don't tell me what to do, I won't tell you where you should go :)
  • Global Moderator
  • 4images Guru
  • *****
  • Posts: 17.849
  • mmm PHP...
    • View Profile
    • 4images MODs Demo
it just removing the sessions, so if one logged in without checking the "loggin me automaticaly" checkbox (clicking on a link with sessionid does that), then their login info is being saved in the 4images_sessions and 4images is using that info to validate the visitor's login status.


P.S. oh wait...omg...4images v1.7.x does not have 4images_sessions table! never mind...my bad.
Your first three "must do" before you ask a question:
Please do not PM me asking for help unless you've been specifically asked to do so. Such PMs will be deleted without answer. (forum rule #6)
Extension for Firefox/Thunderbird: Master Password+    Back/Forward History Tweaks (restartless)    Cookies Manager+    Fit Images (restartless for Thunderbird)

Offline AlanShkr

  • Newbie
  • *
  • Posts: 13
    • View Profile
So then what did I delete? :P Cause I had one, lol, and I emptied it and everything is fine :P. And thanks again :)

Offline V@no

  • If you don't tell me what to do, I won't tell you where you should go :)
  • Global Moderator
  • 4images Guru
  • *****
  • Posts: 17.849
  • mmm PHP...
    • View Profile
    • 4images MODs Demo
oh...I guess I should deeper look into v1.7.1 code...
u are right, there is such table, its the session_vars being saved in the php sessions instead of database.
glad it worked :D
Your first three "must do" before you ask a question:
Please do not PM me asking for help unless you've been specifically asked to do so. Such PMs will be deleted without answer. (forum rule #6)
Extension for Firefox/Thunderbird: Master Password+    Back/Forward History Tweaks (restartless)    Cookies Manager+    Fit Images (restartless for Thunderbird)

Offline AlanShkr

  • Newbie
  • *
  • Posts: 13
    • View Profile
I`m glad it did too! Thanks again :).