Menu

#4 Conflict with "E-post" login script

current release
open
nobody
5
2009-06-17
2009-06-17
James
No

I was asked by an employer to install both a timeclock and a messaging system for employees. For the former, I went with the latest version of PHP Timeclock and it has been working out great. For the messaging system, I chose to use another simple script I downloaded called "E-post".
If I log onto any account on e-post to check my messages--the default "test1" account, for example--then switch to the timeclock's main page without logging out, the timeclock page believes that I'm logged on as an admin user called "test1," a username that shouldn't even exist in the context of this app. It is thus frighteningly easy to gain access to the admin page of PHP Timeclock while E-post is being used, although it is in a different location on the server and uses a different MySQL database.
I'm not an expert programmer, but I'm guessing the "session" codes that check for a valid user on E-post and a valid admin user on PHP Timeclock are basically the same. Perhaps a solution would be if the Timeclock page checked to see if the admin you were logged in as was actually a real administrator, but this could still create a conflicts if there were any usernames being used on both apps.
Is there a simple solution for this?

Discussion


Log in to post a comment.

Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.