Securing A PHP Login System

I have writin a fairly basic login system so once the user enters their username and password, it query's the database and if correct goes to my next page.
There are 2 problems I am having
1) If the user types in www.mywebsite.com/login/page2.php it goes straight to the page without needing the username and pass word. So how do I protect all my pages so the user is forced to login first.
2) I need to add some code in so after the query for the username and password, it runs a query on the users 'rank'. If the user has a rank equal to or greater than 4, it goes to www.mywebsite.com/login/page3.php

Could someone please help me with this coding?

I only have 55 points but when I gain another 45, I will happily hand it to the expert that can answer my questions.

Thanks in advanced.

_Flash_Man_
_Flash_Man_Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Michael701Commented:
read this, in the acticle it also tells how to verify against a database.

http://www.devshed.com/Server_Side/PHP/UserAuth/page1.html
0
_Flash_Man_Author Commented:
Ok I've secured my login and protected all my pages, now how do I run a query on the users rank, without them having to type it in?
0
Michael701Commented:
is the rank stored in the users mysql database?

if so you can use a program like this

<?php
$sql_command = "select * from users where user_name='".$_POST['user_name']."' and password='".md5($_POST['password'])."'";
$rs_user = mysqlquery($sql_command);
if (mysql_num_rows($rs_user)==0)
  header ("location: page1.php"); // not a vaild user, password combination
else
{
  $user = mysqlfetcharray($rs_user);
  if ($user['rank']=>4)
    header ("location: page3.php");
  else
    header ("location: page2.php");
}
?>

then the rank will be returned
0
OBCTCommented:
I noticed a few errors in that code.

<?PHP

$query = mysql_query("SELECT * FROM Users WHERE username='" .$_POST['user_name']. "' AND password='" .$_POST['password']. "'");
//You will only need the md5 function if you used it in your user registration page
If (mysql_num_rows($query) == 0) {
     header ("Location: fail_login.php");
} else {
     $rank = mysql_fetch_array($query);
          If ($rank['rank'] > 3) {
               header("Location: admin_menu.php");  //The admin_menu is just an example, you can change it to anything you like
          } else {
               header("Location: user_menu.php");
          }
}
?>

I hope this helps :)
Good luck

Cheers

-OBCT
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
PHP

From novice to tech pro — start learning today.