Solved

Securing A PHP Login System

Posted on 2003-11-16
4
327 Views
Last Modified: 2013-12-12
I have writin a fairly basic login system so once the user enters their username and password, it query's the database and if correct goes to my next page.
There are 2 problems I am having
1) If the user types in www.mywebsite.com/login/page2.php it goes straight to the page without needing the username and pass word. So how do I protect all my pages so the user is forced to login first.
2) I need to add some code in so after the query for the username and password, it runs a query on the users 'rank'. If the user has a rank equal to or greater than 4, it goes to www.mywebsite.com/login/page3.php

Could someone please help me with this coding?

I only have 55 points but when I gain another 45, I will happily hand it to the expert that can answer my questions.

Thanks in advanced.

_Flash_Man_
0
Comment
Question by:_Flash_Man_
  • 2
4 Comments
 
LVL 19

Assisted Solution

by:Michael701
Michael701 earned 20 total points
ID: 9760641
read this, in the acticle it also tells how to verify against a database.

http://www.devshed.com/Server_Side/PHP/UserAuth/page1.html
0
 

Author Comment

by:_Flash_Man_
ID: 9762229
Ok I've secured my login and protected all my pages, now how do I run a query on the users rank, without them having to type it in?
0
 
LVL 19

Expert Comment

by:Michael701
ID: 9765062
is the rank stored in the users mysql database?

if so you can use a program like this

<?php
$sql_command = "select * from users where user_name='".$_POST['user_name']."' and password='".md5($_POST['password'])."'";
$rs_user = mysqlquery($sql_command);
if (mysql_num_rows($rs_user)==0)
  header ("location: page1.php"); // not a vaild user, password combination
else
{
  $user = mysqlfetcharray($rs_user);
  if ($user['rank']=>4)
    header ("location: page3.php");
  else
    header ("location: page2.php");
}
?>

then the rank will be returned
0
 
LVL 9

Accepted Solution

by:
OBCT earned 35 total points
ID: 9768046
I noticed a few errors in that code.

<?PHP

$query = mysql_query("SELECT * FROM Users WHERE username='" .$_POST['user_name']. "' AND password='" .$_POST['password']. "'");
//You will only need the md5 function if you used it in your user registration page
If (mysql_num_rows($query) == 0) {
     header ("Location: fail_login.php");
} else {
     $rank = mysql_fetch_array($query);
          If ($rank['rank'] > 3) {
               header("Location: admin_menu.php");  //The admin_menu is just an example, you can change it to anything you like
          } else {
               header("Location: user_menu.php");
          }
}
?>

I hope this helps :)
Good luck

Cheers

-OBCT
0

Featured Post

Live: Real-Time Solutions, Start Here

Receive instant 1:1 support from technology experts, using our real-time conversation and whiteboard interface. Your first 5 minutes are always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Popularity Can Be Measured Sometimes we deal with questions of popularity, and we need a way to collect opinions from our clients.  This article shows a simple teaching example of how we might elect a favorite color by letting our clients vote for …
Developers of all skill levels should learn to use current best practices when developing websites. However many developers, new and old, fall into the trap of using deprecated features because this is what so many tutorials and books tell them to u…
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

786 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question