I have a problem, I did this fix when it first came out, I recently had an influx of members, and I got an email today from one of them with a link in it, and when I clicked on it, I was logged into her account, I checked and double checked...this is the part of the code I changed in includes/sessions.php am I missing something?
function demand_session() {
$this->get_session_id();
if (!$this->load_session_info()) {
$this->delete_old_sessions();
$user_id = ($this->read_cookie_data("userid")) ? intval($this->read_cookie_data("userid")) : GUEST;
$this->start_session($user_id);
}
else {
$this->user_info = $this->load_user_info($this->session_info['session_user_id']);
$update_cutoff = ($this->user_info['user_id'] != GUEST) ? $this->current_time - $this->user_info['user_lastaction'] : $this->current_time - $this->session_info['session_lastaction'];
if ($update_cutoff > 60) {
$this->update_session();
$this->delete_old_sessions();
}
}
}
function start_session($user_id = GUEST, $login_process = 0) {
global $site_db;
$this->user_info = $this->load_user_info($user_id);
if ($this->user_info['user_id'] != GUEST && !$login_process) {
if ($this->read_cookie_data("userpass") === $this->user_info['user_password'] && $this->user_info['user_level'] > USER_AWAITING) {
$this->set_cookie_data("userpass", $this->user_info['user_password']);
}
else {
$this->set_cookie_data("userpass", "", 0);
$this->user_info = $this->load_user_info(GUEST);
}
}