Ok, this is how I did realistic mission 5 until I hit a snag.
1-> Logged in Jdoe
2-> Went to the email directory, looked around. Found jdoe_files in the properties of images in the left frame.
3-> Came out, looked at source of welcome.php. Found the stylesheet was being loaded from somwhere else.
4-> Went to that directory, found another css. Decrypted that to get the password.
5-> Went back into jdoes email directory. Injected uname and pwd into cookie(got this idea after reading one of the links given to an article).
6-> REfreshed the page, got the mail saw that the link was pointing to a php file, went to the directory got the second mail.
That's where I hit a snag. Ok, I had this mail and I knew the name of the directory. But, the problem was when ever I went to the page I was being denied access. I checked the cookie and it did not have the information I put in previously. So re-entered it and followed the challenge to the end.
Finally Figured out what i was doing wrong. Thanks for all those who read this.