_Flash_Man_
asked on
Securing A PHP Login System
I have writin a fairly basic login system so once the user enters their username and password, it query's the database and if correct goes to my next page.
There are 2 problems I am having
1) If the user types in www.mywebsite.com/login/page2.php it goes straight to the page without needing the username and pass word. So how do I protect all my pages so the user is forced to login first.
2) I need to add some code in so after the query for the username and password, it runs a query on the users 'rank'. If the user has a rank equal to or greater than 4, it goes to www.mywebsite.com/login/page3.php
Could someone please help me with this coding?
I only have 55 points but when I gain another 45, I will happily hand it to the expert that can answer my questions.
Thanks in advanced.
_Flash_Man_
There are 2 problems I am having
1) If the user types in www.mywebsite.com/login/page2.php it goes straight to the page without needing the username and pass word. So how do I protect all my pages so the user is forced to login first.
2) I need to add some code in so after the query for the username and password, it runs a query on the users 'rank'. If the user has a rank equal to or greater than 4, it goes to www.mywebsite.com/login/page3.php
Could someone please help me with this coding?
I only have 55 points but when I gain another 45, I will happily hand it to the expert that can answer my questions.
Thanks in advanced.
_Flash_Man_
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
is the rank stored in the users mysql database?
if so you can use a program like this
<?php
$sql_command = "select * from users where user_name='".$_POST['user_ name']."' and password='".md5($_POST['pa ssword']). "'";
$rs_user = mysqlquery($sql_command);
if (mysql_num_rows($rs_user)= =0)
header ("location: page1.php"); // not a vaild user, password combination
else
{
$user = mysqlfetcharray($rs_user);
if ($user['rank']=>4)
header ("location: page3.php");
else
header ("location: page2.php");
}
?>
then the rank will be returned
if so you can use a program like this
<?php
$sql_command = "select * from users where user_name='".$_POST['user_
$rs_user = mysqlquery($sql_command);
if (mysql_num_rows($rs_user)=
header ("location: page1.php"); // not a vaild user, password combination
else
{
$user = mysqlfetcharray($rs_user);
if ($user['rank']=>4)
header ("location: page3.php");
else
header ("location: page2.php");
}
?>
then the rank will be returned
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER