Author Topic: Visitors being logged in as administrator (or as other member accounts)  (Read 13166 times)

0 Members and 1 Guest are viewing this topic.

Offline V@no

  • If you don't tell me what to do, I won't tell you where you should go :)
  • Global Moderator
  • 4images Guru
  • *****
  • Posts: 17.849
  • mmm PHP...
    • View Profile
    • 4images MODs Demo
This is a very common issue, but its not a bug in 4images!

It simple, when you give someone a link to your gallery with sessionid= attached to it, you also giving them a chance to get access to your account through that session!

NEVER GIVE ANYONE A LINK TO YOUR GALLERY WITH A sessionid= ATTACHED TO IT!!!

So, ok, what should you do if this happend?

You'll need edit your database with your favorite MySQL manager (phpmyadmin) and clear (NOT DELETE!!!) 4images_sessions table.
By doing so, you will eliminate any active sessions, meaning any member who logged in without "Log me on automatically next visit" checkbox checked will automaticaly get logged out.

[EDIT]
Try this patch:
http://www.4homepages.de/forum/index.php?topic=8895.0
Your first three "must do" before you ask a question:
Please do not PM me asking for help unless you've been specifically asked to do so. Such PMs will be deleted without answer. (forum rule #6)
Extension for Firefox/Thunderbird: Master Password+    Back/Forward History Tweaks (restartless)    Cookies Manager+    Fit Images (restartless for Thunderbird)