Securing A PHP Login System

I have writin a fairly basic login system so once the user enters their username and password, it query's the database and if correct goes to my next page.
There are 2 problems I am having
1) If the user types in www.mywebsite.com/login/page2.php it goes straight to the page without needing the username and pass word. So how do I protect all my pages so the user is forced to login first.
2) I need to add some code in so after the query for the username and password, it runs a query on the users 'rank'. If the user has a rank equal to or greater than 4, it goes to www.mywebsite.com/login/page3.php

Could someone please help me with this coding?

I only have 55 points but when I gain another 45, I will happily hand it to the expert that can answer my questions.

Thanks in advanced.

_Flash_Man_
_Flash_Man_Asked:
Who is Participating?
 
OBCTConnect With a Mentor Commented:
I noticed a few errors in that code.

<?PHP

$query = mysql_query("SELECT * FROM Users WHERE username='" .$_POST['user_name']. "' AND password='" .$_POST['password']. "'");
//You will only need the md5 function if you used it in your user registration page
If (mysql_num_rows($query) == 0) {
     header ("Location: fail_login.php");
} else {
     $rank = mysql_fetch_array($query);
          If ($rank['rank'] > 3) {
               header("Location: admin_menu.php");  //The admin_menu is just an example, you can change it to anything you like
          } else {
               header("Location: user_menu.php");
          }
}
?>

I hope this helps :)
Good luck

Cheers

-OBCT
0
 
Michael701Connect With a Mentor Commented:
read this, in the acticle it also tells how to verify against a database.

http://www.devshed.com/Server_Side/PHP/UserAuth/page1.html
0
 
_Flash_Man_Author Commented:
Ok I've secured my login and protected all my pages, now how do I run a query on the users rank, without them having to type it in?
0
 
Michael701Commented:
is the rank stored in the users mysql database?

if so you can use a program like this

<?php
$sql_command = "select * from users where user_name='".$_POST['user_name']."' and password='".md5($_POST['password'])."'";
$rs_user = mysqlquery($sql_command);
if (mysql_num_rows($rs_user)==0)
  header ("location: page1.php"); // not a vaild user, password combination
else
{
  $user = mysqlfetcharray($rs_user);
  if ($user['rank']=>4)
    header ("location: page3.php");
  else
    header ("location: page2.php");
}
?>

then the rank will be returned
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.