StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

POUsers logged into other people's accounts
primarykey
Id
7360359
data
AcceptedAnswerId
0
AnswerCount
1
ClosedDate
CommentCount
3
CommunityOwnedDate
CreationDate
2011-09-09T10:34:51.743
FavoriteCount
0
LastActivityDate
2011-09-23T04:17:40.880
LastEditDate
2011-09-09T10:40:49.960
LastEditorUserId
225899
OwnerUserId
225899
ParentId
0
PostTypeId
1
Score
2
ViewCount
226
LastEditorDisplayName
text
Body
I have a script that gets Facebook user information (see below). The issue I've encountered during tests is that a user can end up getting logged in on someone else's account. This is obviously undesirable. This happens in the bit that says <code>if( $testuser != null )</code> where some code hooks into the login system of a web site bypassing the username+password phase and logs in a person according to their email address. My guess is that something similar is happening to a payment system I fixed a few months ago. In short, if two people were visiting the same page they could both end up benefiting from a transaction. This was solved by adding an id to the callback from the payment service. In the present case I'm not sure how I could implement that but I'd say an extra condition needs to be added before a user is logged in. What do you think is happening and what would be an appropriate/secure fix? <pre><code>$token_url = "https://graph.facebook.com/oauth/access_token?" . "client_id=" . $app_id . "&redirect_uri=" . urlencode($my_url) . "&client_secret=" . $app_secret . "&code=" . $code; $response = file_get_contents($token_url); $params = null; parse_str($response, $params); $graph_url = "https://graph.facebook.com/me?access_token=" . $params['access_token']; $testuser = json_decode(file_get_contents($graph_url)); if( $testuser != null ){ // Login code goes here $id = get_userid_by_email( $testuser->email ); // Use email as key as unique $user = new User($db); $user->signin_by_id( (int) $id ); $user->connect(); } </code></pre>
Tags
<php><facebook>
Title
Users logged into other people's accounts
singulars
PostAcceptedAnswerId
1. This table or related slice is empty.
PostParentId
1. This table or related slice is empty.
PostTypePostTypeId
1. PTQuestion
UserLastEditorUserId
1. USJames P.
UserOwnerUserId
1. USJames P.
plurals
PostLinksPostIdRelatedPostId
1. This table or related slice is empty.
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. This table or related slice is empty.
PostsParentIdCreationDate
1. PO
 singulars
 PostTypePostTypeId
 PTAnswer
VotesPostIdCreationDate
1. VO
 singulars
 PostPostId
 POUsers logged into other people's accounts
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
2. VO
 singulars
 PostPostId
 POUsers logged into other people's accounts
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
CommentsPostId

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.