managedinternet
08-29-2006, 12:30 PM
Hi Guys,
ok here is my problem
on my site i have 2 login pages, they both redirect to different locations
( for personal and business users )
After successfull login they create a session
called either 'business' or 'personal' and the value for the sessions
is the auto_increment id inumber
on the index page in the corresponding folders
personal or business, the code check for the corresponding session name
however my problem is that if i login as business i can then also access the personal area and vise versa
Here is the code from 1 of the login pages ( they are both similar with only name changes )
session_start();
mysql_select_db($dbn, $dbc);
$loginquery = mysql_query("SELECT * FROM `business` WHERE email='$email' and password='$password'", $dbc);
$result = mysql_fetch_assoc($loginquery);
// Result Process
if(!$result){
header("Location: buslogin.php?message=Invalid Username / Password</br>Please Try Again");
} else {
$GLOBALS['business'] = "$result[businessid]";
session_register('business');
header("Location: business/index.php");
}
and here is the code on the page successfull login is redirected too
session_start();
if(!isset($_SESSION['business'])){
header("Location: ../buslogin.php");
} else {
anyone got any ideas as to why if im logged in and the session name business is set i can access a page that checks for a session called personal ?
this is extremely urgent as teh site is supposed to be going live in 2 days time, but i cant let it go live like this
please help
chris
ok here is my problem
on my site i have 2 login pages, they both redirect to different locations
( for personal and business users )
After successfull login they create a session
called either 'business' or 'personal' and the value for the sessions
is the auto_increment id inumber
on the index page in the corresponding folders
personal or business, the code check for the corresponding session name
however my problem is that if i login as business i can then also access the personal area and vise versa
Here is the code from 1 of the login pages ( they are both similar with only name changes )
session_start();
mysql_select_db($dbn, $dbc);
$loginquery = mysql_query("SELECT * FROM `business` WHERE email='$email' and password='$password'", $dbc);
$result = mysql_fetch_assoc($loginquery);
// Result Process
if(!$result){
header("Location: buslogin.php?message=Invalid Username / Password</br>Please Try Again");
} else {
$GLOBALS['business'] = "$result[businessid]";
session_register('business');
header("Location: business/index.php");
}
and here is the code on the page successfull login is redirected too
session_start();
if(!isset($_SESSION['business'])){
header("Location: ../buslogin.php");
} else {
anyone got any ideas as to why if im logged in and the session name business is set i can access a page that checks for a session called personal ?
this is extremely urgent as teh site is supposed to be going live in 2 days time, but i cant let it go live like this
please help
chris