i need help validating against a master password
the way it works is that it looks for a password in the database. i would like it so that it not only accepts the password set by the user if it is correct but also accepts a "master" password that is either declared in a file or in the database. can anyone lend me a hand?
[?php
require_once "config.php";
$password = $_POST['password'];
if($_GET['a'] || $_GET['a'] === 0) {
$action = intval($_GET['a']);
} else {
$action = intval($_POST['a']);
}
// Login form
if($action === 0) {
if($m) {
echo "[center]Show/password do not exist.[/center]";
}
?>
[form name="form" method="POST" action="[?php echo $PHP_SELF; ?]"]
[input type="hidden" name="show" value="[?php echo $show; ?]" /]
[input type="hidden" name="a" value="1" /]
[table width="300" align="center" cellpadding="2" cellspacing="2" border="0"]
[tr align="center">[td]Password: [input type="password" name="password" /][/td][/tr]
[tr align="center"][td][input type="submit" name="submit" value="Go" /][/td][tr]
[/table]
[/form]
[?php
} else if($action == 1) {
// Login
$hash = md5($password);
$sql = "
SELECT showID
FROM ".$TABLES['shows']."
WHERE showPassword = \"".$hash."\"
AND showID = ".$show."
";
$data = mysql_query($sql);
if(mysql_num_rows($data)) {
header("Location: ".$PHP_SELF."?s=".$hash."&a=2&show=".$show);
exit;
}
header("Location: ".$PHP_SELF."?a=0&show=".$show."&m=1");
} else if($action == 2) {
// Edit form
$sql = "
SELECT *
FROM ".$TABLES['shows']."
WHERE showPassword = \"".addslashes($s)."\"
AND showID = ".$show."
";
} else {
header("Location: ".$PHP_SELF."?a=0");
}
mysql_close($fp);
?]
i edited out a bunch of code unnecessary for what im looking for but thats it in a nutshell
the way it works is that it looks for a password in the database. i would like it so that it not only accepts the password set by the user if it is correct but also accepts a "master" password that is either declared in a file or in the database. can anyone lend me a hand?
[?php
require_once "config.php";
$password = $_POST['password'];
if($_GET['a'] || $_GET['a'] === 0) {
$action = intval($_GET['a']);
} else {
$action = intval($_POST['a']);
}
// Login form
if($action === 0) {
if($m) {
echo "[center]Show/password do not exist.[/center]";
}
?>
[form name="form" method="POST" action="[?php echo $PHP_SELF; ?]"]
[input type="hidden" name="show" value="[?php echo $show; ?]" /]
[input type="hidden" name="a" value="1" /]
[table width="300" align="center" cellpadding="2" cellspacing="2" border="0"]
[tr align="center">[td]Password: [input type="password" name="password" /][/td][/tr]
[tr align="center"][td][input type="submit" name="submit" value="Go" /][/td][tr]
[/table]
[/form]
[?php
} else if($action == 1) {
// Login
$hash = md5($password);
$sql = "
SELECT showID
FROM ".$TABLES['shows']."
WHERE showPassword = \"".$hash."\"
AND showID = ".$show."
";
$data = mysql_query($sql);
if(mysql_num_rows($data)) {
header("Location: ".$PHP_SELF."?s=".$hash."&a=2&show=".$show);
exit;
}
header("Location: ".$PHP_SELF."?a=0&show=".$show."&m=1");
} else if($action == 2) {
// Edit form
$sql = "
SELECT *
FROM ".$TABLES['shows']."
WHERE showPassword = \"".addslashes($s)."\"
AND showID = ".$show."
";
} else {
header("Location: ".$PHP_SELF."?a=0");
}
mysql_close($fp);
?]
i edited out a bunch of code unnecessary for what im looking for but thats it in a nutshell