master password for login

[SVC]

Hi,

 

I have my login script for clients to login to my site. They have to put thier email address in and then the password.

 

The situation is that i want to add a Master password so we can use the clients email addres and a deafult password so we can login to their account when they have problems and need help.

 

My script is below, any help would be good as i have spend alot of time on it and not got anywhere.

 

-------------------------------------------------------------------

<?

include("../config.php");

include("../sessions.php");

 

$_SESSION['session_id']=updateSession($_SESSION['session_id']);

 

$msg="";

if ($_GET['logout']==1) {

logout($_SESSION['session_id']);

$msg="<div align=\"center\" class=\"bold\">You have successfully logged out</div>";

}

 

if ($_SESSION['session_id']) {

header("location:account.php");

exit;

}

 

 

 

 

 

if (isset($_POST['email'])) {

//Process login

$password=md5($_POST['password']);

 

$_SESSION['session_id']=login($_POST['email'],$password);

if ($_SESSION['session_id']) {

if (!empty($_SESSION['return_page'])) {

$rp=$_SESSION['return_page'];

$_SESSION['return_page']="";

header("location: $rp");

} else {

header("location: account.php");

}

 

exit;

} else {

$msg="<div align=\"center\" class=\"red bold\">Invalid email or password</div>";

}

}

 

if ($_SESSION['session_id']) {

if (!empty($_SESSION['return_page'])) {

$page=$_SESSION['return_page'];

$_SESSION['return_page']="";

} else {

$page="location:account.php";

}

header($page);

exit;

}

 

?>

 

 

----------------------------------------------------------------

 

Thanks very much

 

 

 

[clown[NOR]]

add access levels

 

1 = Normal user

2 = Moderator

3 = Admin

 

something like that

[youneek]

You might also just make an if statement that says

 

if session = admin session then {full access}else {normal authentication method}

[GreenWithEnvy]

In your login function before you query the database, run a quick if() statement to see if password = master password.  If so, then skip rest of steps and set login = success for that username.

[SVC]

Hi guys,

 

thanks for the ideas, i have been trying to add the if() statement in but everytime i do it rejects the password. We dont have user levels, the Admin section is in a different directory which is protected by .htaccess

 

I dont know why a simple thing is proving difficult.

 

SVC

[SVC]

HI,

 

i have added the if statement in, but i just get a blank screen now, i cant see where i am going wrong.

 

My code as it is now.

 

 

<?

include("../config.php");

include("../sessions.php");

 

$_SESSION['session_id']=updateSession($_SESSION['session_id']);

 

$msg="";

if ($_GET['logout']==1) {

logout($_SESSION['session_id']);

$msg="<div align=\"center\" class=\"bold\">You have successfully logged out</div>";

}

 

if ($_SESSION['session_id']) {

header("location:account.php");

exit;

}

 

if (isset($_POST['email'])) {

//Process login

if

$password=md5($_POST['password']);

$password=masterpassword($_POST['password']);

header("location: account.php");

else

 

$_SESSION['session_id']=login($_POST['email'],$password);

if ($_SESSION['session_id']) {

if (!empty($_SESSION['return_page'])) {

$rp=$_SESSION['return_page'];

$_SESSION['return_page']="";

header("location: $rp");

} else {

header("location: account.php");

}

exit;

} else {

$msg="<div align=\"center\" class=\"red bold\">Invalid email or password</div>";

}

}

 

if ($_SESSION['session_id']) {

if (!empty($_SESSION['return_page'])) {

$page=$_SESSION['return_page'];

$_SESSION['return_page']="";

} else {

$page="location:account.php";

}

header($page);

exit;

}

 

?>