Solved

Securing A PHP Login System

Posted on 2003-11-16
4
324 Views
Last Modified: 2013-12-12
I have writin a fairly basic login system so once the user enters their username and password, it query's the database and if correct goes to my next page.
There are 2 problems I am having
1) If the user types in www.mywebsite.com/login/page2.php it goes straight to the page without needing the username and pass word. So how do I protect all my pages so the user is forced to login first.
2) I need to add some code in so after the query for the username and password, it runs a query on the users 'rank'. If the user has a rank equal to or greater than 4, it goes to www.mywebsite.com/login/page3.php

Could someone please help me with this coding?

I only have 55 points but when I gain another 45, I will happily hand it to the expert that can answer my questions.

Thanks in advanced.

_Flash_Man_
0
Comment
Question by:_Flash_Man_
  • 2
4 Comments
 
LVL 19

Assisted Solution

by:Michael701
Michael701 earned 20 total points
ID: 9760641
read this, in the acticle it also tells how to verify against a database.

http://www.devshed.com/Server_Side/PHP/UserAuth/page1.html
0
 

Author Comment

by:_Flash_Man_
ID: 9762229
Ok I've secured my login and protected all my pages, now how do I run a query on the users rank, without them having to type it in?
0
 
LVL 19

Expert Comment

by:Michael701
ID: 9765062
is the rank stored in the users mysql database?

if so you can use a program like this

<?php
$sql_command = "select * from users where user_name='".$_POST['user_name']."' and password='".md5($_POST['password'])."'";
$rs_user = mysqlquery($sql_command);
if (mysql_num_rows($rs_user)==0)
  header ("location: page1.php"); // not a vaild user, password combination
else
{
  $user = mysqlfetcharray($rs_user);
  if ($user['rank']=>4)
    header ("location: page3.php");
  else
    header ("location: page2.php");
}
?>

then the rank will be returned
0
 
LVL 9

Accepted Solution

by:
OBCT earned 35 total points
ID: 9768046
I noticed a few errors in that code.

<?PHP

$query = mysql_query("SELECT * FROM Users WHERE username='" .$_POST['user_name']. "' AND password='" .$_POST['password']. "'");
//You will only need the md5 function if you used it in your user registration page
If (mysql_num_rows($query) == 0) {
     header ("Location: fail_login.php");
} else {
     $rank = mysql_fetch_array($query);
          If ($rank['rank'] > 3) {
               header("Location: admin_menu.php");  //The admin_menu is just an example, you can change it to anything you like
          } else {
               header("Location: user_menu.php");
          }
}
?>

I hope this helps :)
Good luck

Cheers

-OBCT
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
This article discusses four methods for overlaying images in a container on a web page
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now