https://www.machform.com/forums/ MachForm Community Forums Topic: Authentication - Issues with multiple instances on the same server. en Mon, 04 May 2026 00:29:10 +0000 https://www.machform.com/forums/topic/authentication-issues-with-multiple-instances-on-the-same-server#post-17096 Wed, 06 Feb 2013 20:16:26 +0000 yuniar 17096@https://www.machform.com/forums/ <p>Hi Bard,</p> <p>Thank you for sharing this.<br /> MachForm wasn't designed to be installed multiple times under the same domain/sub domain indeed.</p> <p>These won't work:<br /> <a href="http://example.com/machform1" rel="nofollow">http://example.com/machform1</a><br /> <a href="http://example.com/machform2" rel="nofollow">http://example.com/machform2</a><br /> <a href="http://example.com/machform3" rel="nofollow">http://example.com/machform3</a></p> <p>However, these should work just fine:<br /> <a href="http://machform1.example.com" rel="nofollow">http://machform1.example.com</a><br /> <a href="http://machform2.example.com" rel="nofollow">http://machform2.example.com</a><br /> <a href="http://machform3.example.com" rel="nofollow">http://machform3.example.com</a></p> <p>So if you need to install multiple instance of MachForm, I suggest to install each of them using separate sub domains.<br /> Using separate subdomain for each instance, you won't need to do any modification.</p> <p>However, if it's not possible to have subdomains, then the solution you provide above should be working just fine :) </p> https://www.machform.com/forums/topic/authentication-issues-with-multiple-instances-on-the-same-server#post-17089 Wed, 06 Feb 2013 17:09:38 +0000 holtbakk 17089@https://www.machform.com/forums/ <p>Hi!</p> <p>As always I have to start by saying how much I appreciate this software! :)</p> <p>Than to my issue. I have one server with multiple installed instances of machform. Some are modified, some are running old licenses, some are purchased by others, and so on. Checking session authentication only with a true/false value seems to allow access to all admin interfaces by authenticating on one of them. Maybe this is an issue only to me, but I'd thought I should let you know and supply a suggestion for a fix:</p> <p>This could be solved with only a few lines of code by checking against an per-site-dynamic key set in <em>config.php</em>. Either an manually set key:</p> <p><code>$_SESSION[&#39;local_key&#39;] = “myvalue”;</code></p> <p>Or an automated that is unique to each instance using its path:</p> <p><code>$_SESSION[&#39;local_key&#39;] = md5(dirname(__FILE__));</code></p> <p>And after the authentication (on line 55 &#38; 108 in <em>index,php</em> and line 36 in <em>includes/check-session.php</em>) add:</p> <p><code>$_SESSION[&#39;mf_logged_in_key&#39;] = $_SESSION[&#39;local_key&#39;];</code></p> <p>And finally add this check to the authentication-checkers (12 instances?)</p> <p><code>if( … &#38;&#38; $_SESSION[&#39;mf_logged_in_key&#39;] === $_SESSION[&#39;local_key&#39;] ){ .. }</code></p> <p>Regards, Bard </p>