Bug #15394
closed
userauth takes first user in list
Added by Volker Graubaum almost 19 years ago.
Updated over 18 years ago.
Description
Also the storage_pid is taken for proofing, if a user is valid, the storage_pid isn't used while the user get logged in.
Problem
2 times the same username will login the same (first) user, even in different pages.
(issue imported from #M2238)
Hi René,
is this you're task?
Greetings Volker
I'm not sure about the problem.
Feature:
1. a username is unique
2. in FE a username is unique per page if [FE][checkFeUserPid] = 1
3. in FE a username is unique for the system if [FE][checkFeUserPid] = 0
Does that answer/solve your problem or does it still exist. Then please a more precise explanation.
Hi Rene,
when you log in in the frontend, it is handle in an other way (as far as I see this).
So I've 2 storagePages for user
when I try to log in, there is a check, if a user exists on the defined page.
WHEN (and only than) it exists, the login itself is started.
But the login doesn't check the pid later on.
That's why the first user is logged in, even if he comes from another page.
try to create 2 user on 2 pages.
Then try to login on a page, where the storageID is used from the second side, and you will detected what I mean.
Greetings Volker
You're right, that could happen.
I found the reason for that and I must correct my previous message.
Feature:
A username have to be unique no matter if BE or FE.
This behaviour results of the table/code design. After login the pid is not available anymore and can not be used for detecting the user.
Hi Rene,
I wouldn't call it a feature :-(.
I thing there has just to be one change.
When the user is logged in, there is a query to get the user data by username.
Why not add the storagePID here?
After you logged in, the uid is taken, as far as I have seen this, so there won't be a problem.
Greetings Volker
The PID from the login is not available later. The page where the user currently IS can be a totally different. Even the storage pid could be another one so that doesn't help.
Yes, that's true.
But I just mean the situation when is user gets logged in.
So:
"newloginbox" on a page
username/password > send
AuthService is checking
> check is user there? yes
> log in -> yes ---> Here I would like to check the storagePID
-> run newloginbox fr example with redirect
Later on, IMHO TYPO3 works with the uid of the user, so no StoragePID is needed anymore.
or did I missunderstand something?
Greetings Volker
> log in -> yes ---> Here I would like to check the storagePID
Works already like this
Later on, IMHO TYPO3 works with the uid of the user, so no StoragePID is needed anymore.
That's not true. The username is used. That's why it doesn't work as you expect.
And that's why it's not a bug - it's a feature. :-/
Ok, I added a feature wish, that login should base on the uid, after a user is logged in.
Also available in: Atom
PDF
Updated by 
Updated by