Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Securing A PHP Login System

Posted on 2003-11-16
4
Medium Priority
?
334 Views
Last Modified: 2013-12-12
I have writin a fairly basic login system so once the user enters their username and password, it query's the database and if correct goes to my next page.
There are 2 problems I am having
1) If the user types in www.mywebsite.com/login/page2.php it goes straight to the page without needing the username and pass word. So how do I protect all my pages so the user is forced to login first.
2) I need to add some code in so after the query for the username and password, it runs a query on the users 'rank'. If the user has a rank equal to or greater than 4, it goes to www.mywebsite.com/login/page3.php

Could someone please help me with this coding?

I only have 55 points but when I gain another 45, I will happily hand it to the expert that can answer my questions.

Thanks in advanced.

_Flash_Man_
0
Comment
Question by:_Flash_Man_
  • 2
4 Comments
 
LVL 19

Assisted Solution

by:Michael701
Michael701 earned 80 total points
ID: 9760641
read this, in the acticle it also tells how to verify against a database.

http://www.devshed.com/Server_Side/PHP/UserAuth/page1.html
0
 

Author Comment

by:_Flash_Man_
ID: 9762229
Ok I've secured my login and protected all my pages, now how do I run a query on the users rank, without them having to type it in?
0
 
LVL 19

Expert Comment

by:Michael701
ID: 9765062
is the rank stored in the users mysql database?

if so you can use a program like this

<?php
$sql_command = "select * from users where user_name='".$_POST['user_name']."' and password='".md5($_POST['password'])."'";
$rs_user = mysqlquery($sql_command);
if (mysql_num_rows($rs_user)==0)
  header ("location: page1.php"); // not a vaild user, password combination
else
{
  $user = mysqlfetcharray($rs_user);
  if ($user['rank']=>4)
    header ("location: page3.php");
  else
    header ("location: page2.php");
}
?>

then the rank will be returned
0
 
LVL 9

Accepted Solution

by:
OBCT earned 140 total points
ID: 9768046
I noticed a few errors in that code.

<?PHP

$query = mysql_query("SELECT * FROM Users WHERE username='" .$_POST['user_name']. "' AND password='" .$_POST['password']. "'");
//You will only need the md5 function if you used it in your user registration page
If (mysql_num_rows($query) == 0) {
     header ("Location: fail_login.php");
} else {
     $rank = mysql_fetch_array($query);
          If ($rank['rank'] > 3) {
               header("Location: admin_menu.php");  //The admin_menu is just an example, you can change it to anything you like
          } else {
               header("Location: user_menu.php");
          }
}
?>

I hope this helps :)
Good luck

Cheers

-OBCT
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article discusses four methods for overlaying images in a container on a web page
There are times when I have encountered the need to decompress a response from a PHP request. This is how it's done, but you must have control of the request and you can set the Accept-Encoding header.
The viewer will learn how to count occurrences of each item in an array.
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
Suggested Courses

824 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question