Form Tools
Clients access Admin account issue - Printable Version

+- Form Tools (https://forums.formtools.org)
+-- Forum: Form Tools (https://forums.formtools.org/forumdisplay.php?fid=1)
+--- Forum: Installation (https://forums.formtools.org/forumdisplay.php?fid=4)
+--- Thread: Clients access Admin account issue (/showthread.php?tid=28134)



Clients access Admin account issue - datacom - Sep 20th, 2017

Hello,
 
Our company uses Form Tools and has created a database which includes the Admin and the Clients. These past few days the Admin account can be accessed by some clients when the Admin is logged in. I have tried to find the reason this happens but I have not managed to find a solution. I would be grateful for any input.
Thank you in advance,



Tasos


RE: Clients access Admin account issue - Ben - Sep 26th, 2017

Hi Tasos,

Whoah, I've never heard of that ever occurring. Do you have any more details about it: what pages the clients can access? Do they see the whole admin account (i.e. do they appear to be logged in as the administrator)? Are both users perhaps logging in on the same computer / browser - or maybe via the same intranet where they share the same IP address to the outside world?

Ben


RE: Clients access Admin account issue - datacom - Sep 27th, 2017

(Sep 26th, 2017, 8:55 PM)Ben Wrote: Hi Tasos,

Whoah, I've never heard of that ever occurring. Do you have any more details about it: what pages the clients can access? Do they see the whole admin account (i.e. do they appear to be logged in as the administrator)? Are both users perhaps logging in on the same computer / browser - or maybe via the same intranet where they share the same IP address to the outside world?

Ben

Hi Ben, 

Yep, I have been brainstorming on the mess for a while now. Clients can access every single page, they have administrator access rights but they are logged in as clients. The strange thing is that when I log in as administrator, at the same time with the clients, from another computer I get client rights and not adminisrator's. I log out as client and the client who was seen as admin is logged out too...it seems that there is a configuration/conflict of rights as if they are reversed or something. 
As for the intranet question, three times so far there has been an issue. The first time the two users (client and admin) were in different locations. The second and third time they were in the same LAN (LAN dynamic IP/VAN static IP).

Appreciate any help I can get, thanks!
Tasos


RE: Clients access Admin account issue - nelsondcosta - Sep 28th, 2017

(Sep 27th, 2017, 1:06 AM)datacom Wrote:
(Sep 26th, 2017, 8:55 PM)Ben Wrote: Hi Tasos,

Whoah, I've never heard of that ever occurring. Do you have any more details about it: what pages the clients can access? Do they see the whole admin account (i.e. do they appear to be logged in as the administrator)? Are both users perhaps logging in on the same computer / browser - or maybe via the same intranet where they share the same IP address to the outside world?

Ben

Hi Ben, 

Yep, I have been brainstorming on the mess for a while now. Clients can access every single page, they have administrator access rights but they are logged in as clients. The strange thing is that when I log in as administrator, at the same time with the clients, from another computer I get client rights and not adminisrator's. I log out as client and the client who was seen as admin is logged out too...it seems that there is a configuration/conflict of rights as if they are reversed or something. 
As for the intranet question, three times so far there has been an issue. The first time the two users (client and admin) were in different locations. The second and third time they were in the same LAN (LAN dynamic IP/VAN static IP).

Appreciate any help I can get, thanks!
Tasos

Hi Tasos,

Can you give US a SS frontal your users dB? 
Check on users table if everything is right.


RE: Clients access Admin account issue - Ben - Sep 28th, 2017

Hey Tasos,

From what you described it sounds like there's some sort of problem with the session itself. The whole point of sessions is that the unique client-specific session ID gets stored on the single user's computer in the form of a cookie, then passed with all requests back to the server. But somehow that's not working here.

Are you using PHP sessions for Form Tools (it's the default)? Could you try switching to database sessions? It may not fix anything, but it would at least eliminate PHP as the cause. PHP sessions work by creating files on your server for each session. Just wondering if maybe there's a problem there & the session ID is being duplicated somehow... or maybe disk space? Really not sure - but worth a shot.

Just add this to your `/global/config.php` file:


PHP Code:
$g_session_type "database"


Then try logging out + in again. You shouldn't notice any difference: it should behave exactly the same way (but if you're curious, the `{prefix}sessions` table in your database will be populated with session data).

Ben


RE: Clients access Admin account issue - datacom - Nov 16th, 2017

(Sep 28th, 2017, 1:57 PM)nelsondcosta Wrote:
(Sep 27th, 2017, 1:06 AM)datacom Wrote:
(Sep 26th, 2017, 8:55 PM)Ben Wrote: Hi Tasos,

Whoah, I've never heard of that ever occurring. Do you have any more details about it: what pages the clients can access? Do they see the whole admin account (i.e. do they appear to be logged in as the administrator)? Are both users perhaps logging in on the same computer / browser - or maybe via the same intranet where they share the same IP address to the outside world?

Ben

Hi Ben, 

Yep, I have been brainstorming on the mess for a while now. Clients can access every single page, they have administrator access rights but they are logged in as clients. The strange thing is that when I log in as administrator, at the same time with the clients, from another computer I get client rights and not adminisrator's. I log out as client and the client who was seen as admin is logged out too...it seems that there is a configuration/conflict of rights as if they are reversed or something. 
As for the intranet question, three times so far there has been an issue. The first time the two users (client and admin) were in different locations. The second and third time they were in the same LAN (LAN dynamic IP/VAN static IP).

Appreciate any help I can get, thanks!
Tasos

Hi Tasos,

Can you give US a SS frontal your users dB? 
Check on users table if everything is right.



RE: Clients access Admin account issue - datacom - Nov 16th, 2017

(Sep 28th, 2017, 1:57 PM)nelsondcosta Wrote:
(Sep 27th, 2017, 1:06 AM)datacom Wrote:
(Sep 26th, 2017, 8:55 PM)Ben Wrote: Hi Tasos,

Whoah, I've never heard of that ever occurring. Do you have any more details about it: what pages the clients can access? Do they see the whole admin account (i.e. do they appear to be logged in as the administrator)? Are both users perhaps logging in on the same computer / browser - or maybe via the same intranet where they share the same IP address to the outside world?

Ben

Hi Ben, 

Yep, I have been brainstorming on the mess for a while now. Clients can access every single page, they have administrator access rights but they are logged in as clients. The strange thing is that when I log in as administrator, at the same time with the clients, from another computer I get client rights and not adminisrator's. I log out as client and the client who was seen as admin is logged out too...it seems that there is a configuration/conflict of rights as if they are reversed or something. 
As for the intranet question, three times so far there has been an issue. The first time the two users (client and admin) were in different locations. The second and third time they were in the same LAN (LAN dynamic IP/VAN static IP).

Appreciate any help I can get, thanks!
Tasos

Hi Tasos,

Can you give US a SS frontal your users dB? 
Check on users table if everything is right.


Hello, Sorry for the late reply but we had some server issues that were more imminnent.   What do you mean by  SS frontal users dB? 
Thank you for taking the time to reply.
Tasos



RE: Clients access Admin account issue - datacom - Nov 16th, 2017

(Sep 28th, 2017, 7:09 PM)Ben Wrote: Hey Tasos,

From what you described it sounds like there's some sort of problem with the session itself. The whole point of sessions is that the unique client-specific session ID gets stored on the single user's computer in the form of a cookie, then passed with all requests back to the server. But somehow that's not working here.

Are you using PHP sessions for Form Tools (it's the default)? Could you try switching to database sessions? It may not fix anything, but it would at least eliminate PHP as the cause. PHP sessions work by creating files on your server for each session. Just wondering if maybe there's a problem there & the session ID is being duplicated somehow... or maybe disk space? Really not sure - but worth a shot.

Just add this to your `/global/config.php` file:


PHP Code:
$g_session_type "database"


Then try logging out + in again. You shouldn't notice any difference: it should behave exactly the same way (but if you're curious, the `{prefix}sessions` table in your database will be populated with session data).

Ben


Hey Ben, 
sorry for the very late reply, but we had some server issues and things got a bit hectic (irrevelant to the issue at hand). That sounds like a good advice and I am going to give it a try, however (better safe than sorry) I do have a question. Should I leave the command as "database" or add the name of our DB "datacom2_ftool10" ? 
Also, look what happened....I created a new cient and everything was Ok, I added a new form and since then the new client started getting mixed up with the other clients and the admin. So, I erased the new client since there was nothing else I could do to fix the issue. 

Thank you for the advice, I am def giving it a try as soon as you let me know if the command should be that way. 

Thanks again, 
Tasos



RE: Clients access Admin account issue - nelsondcosta - Nov 17th, 2017

Hope Ben can save you Smile


RE: Clients access Admin account issue - datacom - Dec 11th, 2017

Hey Ben,
Please HELP!!!!
I have installed the app "Booked" (https://datacom.x10.mx/phpsch/) through Softaculous. Today I noticed that the moment I logout either from Booked or Ftools (http://www.datacom.x10.mx/ftools), the other app logs out as well. It does not matter from which app I am logging out first, or whether I am an admin at ftools, client at booked or vice versa, or admin at both etc. In any case the app logs out automatically.

I used the command : $g_s e ssion_typ e = "databas e "; (the one you gave me, just as I see it in the forum) in the folder:
/global/config.php

but after that no client can access Formtools, only the Admin. To top it all, whenever I try to make some changes concerning the clients ( e.g. change password) Formtools logs out. So...I erased the command.

There seem to be a number of issues that pop up each time and our system keeps failing to do what it is supposed to do. Any ideas about what is going on?

Thank you for your help, much appreciated at this point!!