MyBB Community Forums

Hi

we're using mybb version 1.4.4 upgraded from 1.4.3 and facing some bugs where :

1. user sometimes login using different account but logged in as different account... example: user login as A but logged as B.
2. [URGENT - as reported by user] normal user can access to the admin cp because they are logged as admin account without logging in using admin account.
3. sometimes they're logged as admin account or other user account and sometimes they can login using their normal account.
4. even we've asked our user to clear their browser cookies and reopen their browser, the problem still occurs.



info:-
1. we are connected from a single proxy server, where we are using one shared IP to connect to internet. we've reset our cookies as shown in http://community.mybboard.net/thread-42123.html however, the problem still occurs.
2. for now, we dont have any same problem report from user that are connected using their own IP.
3. URL : http://www.princenetwork.net/forum

we're hoping to hear from u soon since this problem affect our forum security... thanks~

Why is their 2 posts? you only need one.

sorry. just deleted the other one.

ok, so, users are logged in without logged in?

You need to remove the option for people to save their login details in the options, run a SQL query to make sure nobody has it set to remember, and then truncate the sessions table. This is due to the way your network is setup.

new info:-

my friend (connected using same IP - Proxy) informed me that just now he was connected to this forum using my nickname.

to MattRogowski: thanks, but is there any more easy way to fix this problem?

No, not really, that's the problem, information is being shared over your network in a way it shouldn't be by the sound of it. Passwords are being saved and loaded for different people.

ok. many thanks MattRogowski.
I'll try my best to fix this problem.
if anyone hv any other solution or suggestion, you're welcome to reply this thread.

thanks again

i also seen this problem