Knowledgebase

Portal Home > Knowledgebase > Articles Database > 'Member Access Only' Session issue


'Member Access Only' Session issue




Posted by kayz, 04-10-2011, 06:07 PM
Hi guys i've spent 3 whole days trying to get this to work but it dosent. I have done most of the work just stuck with session issues i think. Basically i have custom member pages. member1.php member2.php the design and content will be custom to each member, they also have their own login page. Each member should be able to access their page and simply view their secure area. They should not be able to log into another users area if they dont have the username or password for it. Now the problem is, i have this entire script setup and it works, however i fear there is something wrong with the sessions which allows other members to access other members pages with their own passwords and usernames because they share the same database. So the script executes thinking its a valid user and lets them in. Here is my login checker once the user is validated they are sent to their own folder header("Location: ../{$loginusername}/index.php"); and are able to view the page. Now here is the secure page sample: For each login page i have given each user it's own session.. this works, however if user1 logs in and simply changes the url to user2 and enters his user2 password he is granted access giving him new sessions which means he has access to everything. Im pretty sure im missing something really small any help would be appreciated.
Posted by Mark Muyskens, 04-10-2011, 06:13 PM
user1 logs in and simply changes the url to user2 and enters his user2" so user1 has user2 password? so, User1 could of logged into User2 from the start.....
Posted by kayz, 04-10-2011, 07:34 PM
Almost, not his user2 id. He can access other pages with his username and password as they are in the same db. No. Yes. The users are in one database but they are allocated different pages just for themselves. Their usernames and passwords are checked via the same database thus giving them access to all pages. You will see i've almost got it to work by the use of sessions. It 'technically' works, but not really... if a tech savvy person comes along then they can easily gain access to other pages with their 'own username and password'.
Posted by Hostify Networks, 04-11-2011, 12:50 AM
I'm not sure I completely understand what you're trying to do here, but here's my attempt at making your code make sense.


Was this answer helpful?

Add to Favourites Add to Favourites    Print this Article Print this Article

Also Read
php5 - squirrelmail and "cgi error" (Views: 635)
Mysql multiple table update/multiple delete (Views: 694)
i want to be new reseller ,but.... (Views: 674)
APF over-ambitious (Views: 720)
traceroute script (Views: 687)

Language: