2 replies to this topic

[abelwang]

hi guys
i m new here, i have a question that need you guys help.
lets say, for secuity reason i have make 2 logins for a webpage with 2 different ID and PW. and this 2 login page are in 2 different folders. so i want to add some codes only from login 1 can call for login 2, let's say i try to use direct address to login 2, the acess will be failed. it this possible??

thank you so much for viewing my question.

[WingedPanther]

Sounds like you just need two sets of variables stored in session.

[abelwang]

<?php
//Start session
session_start();

//Include database connection details
require_once('config.php');

//Array to store validation errors
$errmsg_arr = array();

//Validation error flag
$errflag = false;

//Connect to mysql server
$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
if(!$link) {
die('Failed to connect to server: ' . mysql_error());
}

//Select database
$db = mysql_select_db(DB_DATABASE);
if(!$db) {
die("Unable to select database");
}

//Function to sanitize values received from the form. Prevents SQL injection
function clean($str) {
$str = @trim($str);
if(get_magic_quotes_gpc()) {
$str = stripslashes($str);
}
return mysql_real_escape_string($str);
}

//Sanitize the POST values
$login = clean($_POST['login']);
$password = clean($_POST['password']);

//Input Validations
if($login == '') {
$errmsg_arr[] = 'Login ID missing';
$errflag = true;
}
if($password == '') {
$errmsg_arr[] = 'Password missing';
$errflag = true;
}

//If there are input validations, redirect back to the login form
if($errflag) {
$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
session_write_close();
header("location: login-form.php");
exit();
}

//Create query
$qry="SELECT * FROM members WHERE login='$login' AND passwd='".md5($_POST['password'])."'";
$result=mysql_query($qry);

//Check whether the query was successful or not
if($result) {
if(mysql_num_rows($result) == 1) {
//Login Successful
session_regenerate_id();
$member = mysql_fetch_assoc($result);
$_SESSION['SESS_MEMBER_ID'] = $member['member_id'];
$_SESSION['SESS_FIRST_NAME'] = $member['firstname'];
$_SESSION['SESS_LAST_NAME'] = $member['lastname'];
session_write_close();
header("location:/admincp_5850/index.php");
exit();
}else {
//Login failed
header("location: login-failed.php");
exit();
}
}else {
die("Query failed");
}
?>

to

<style type="text/css">
<!--
body,td,th {
color: #FFF;
}
body {
background-image: url(pages/images/bg2.JPG);
background-color: #FFF;
}

-->
</style><?php

echo "<link href='config/stylesheet2.css' type='text/css' rel='stylesheet2'>
<table width='397' border='0' align='center' cellspacing='0' class='innertab'>
<form action='pages/index.php' method='POST'>


<center>
<p> </p>
<p> </p>
<p> </p>
<p> </p>
<p> </p>
<p> </p>
<table width='397' border='0' align='center' cellspacing='0' class='innertab'>
<form action='pages/index.php' method='POST'>
<tr>
<th height='248' background='pages/images/login.png' scope='col'>
<table width='100%' border='0' height='100%' valign='bottom' align='right' cellspacing='0'>
<tr>
<th width='43%' scope='col'> </th>
<th width='57%' scope='col'> </th>
</tr>
<tr>
<td> </td>
<td> </td>
</tr>
<tr>
<td height='58'> </td>
<td> </td>
</tr>
<tr>
<td height='86'> </td>
<td><table width='100%' height='22%' border='0' align='left'>
<tr>
<th scope='col'> </th>
</tr>
<tr>
<td><div align='left'>
<input type='text' name='accname' maxlength='15' />
</div></td>
</tr>
<tr>
<td><div align='left'>
<input type='password' name='accpass' maxlength='15' />
</div></td>
</tr>
</table></td>
</tr>
<tr>
<td> </td>
<td>
<input type='hidden' name='log' value='login'>
<input type='submit' value='Login'>
</td>
</tr>
</table></th>
</tr>
</form>
</table>
</center>";
?>
<bgsound src= "bgm_login.mp3"
loop="infinite"/>

<div align="center"><strong><a href="/dekaron/index.php">Back</a></strong></div>

can you show me how?? thanks..