Love Fuel?    Donate

FuelPHP Forums

Ask your question about FuelPHP in the appropriate forum, or help others by answering their questions.
Force Login results in wrong user account *special conditions*
  • Hello,

    i have an special issue with the auth package in this case with the force_login method

    For Example

    i use force login with user id 68

    but than the current user id is 60 (\Auth::instance()->get_user_id() ), this is a user with same username & password

    i know that this can be a correct behavior, but can i avoid this?

    i have build a multi vendor shop like script and every vendor ist bonded to an domain_id (field domain_id on users table)

    now, customers of this domains can use same username & password on domain a and domain b & even domain x

    the problem is, i use force_id with 68 and user 60 is logged in


    [code]var_dump($user->id); // returns 68
    return new Response();
        
        Auth::logout();
                Session::destroy();

                Auth::instance()->force_login($user->id); // after that user id is 60
    [/code]

    thanks for help


    If username does exists twice, he uses the first user from the db with this username always
  • Username needs to be unique, you can't have the same username twice.

    The reason because it fails is because of

    \Session::set('username', $this->user['username']);
    \Session::set('login_hash', $this->create_login_hash());

    which uses the username to re-authenticate, and not the userid.

    So to be precise, the userid hasn't changed after a force_login(), it has changed after a new page load, because of the lookup on username.
  • Ok, i can not avoid this? 
  • Harro VertonHarro Verton
    Accepted Answer
    No, it is the way the Auth drivers (both Simpleauth and Ormauth) are designed.

    The only option you have is to extend the driver you use, overload the methods that set, read or reset auth session cookies, and have that set the userid too. And you have to adapt the query in perform_check() to include the userid too.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

In this Discussion