PindaWorld PindaWorld - 4 months ago 13
PHP Question

Stuck at the "if" for rank checking message [SOLVED]

I am busy on a login script but i am stuck at the moment with the php code "if" line.

I want to give the rank check a own message that the user isn't allowed because he hasn't the right rank for the admin login.
At this moment it gives the message of wrong username or password.

Anybody that can help me with this?

My code:

<?php
session_start();
include_once 'dbconnect.php';

if(isset($_SESSION['userSession']))
{
header("Location: home.php");
exit;
}

if(isset($_POST['btn-login']))
{
$email = $MySQLi_CON->real_escape_string(trim($_POST['user_email']));
$upass = $MySQLi_CON->real_escape_string(trim($_POST['password']));

$query = $MySQLi_CON->query("SELECT user_id, user_email, user_pass, user_rank FROM users WHERE user_email='$email'");
$row=$query->fetch_array();
if(password_verify($upass, $row['user_pass']) && ($row['user_rank'] == '2'))
{
$_SESSION['userSession'] = $row['user_id'];
header("Location: home.php");
}
else
{
$msg = "<div class='alert alert-danger'>
<span class='glyphicon glyphicon-info-sign'></span> &nbsp; email or password does not exists!
</div>";
}

$MySQLi_CON->close();

}
?>


I am a little bit new in the php still..
All help and tips are really welcome and thankfull!

Answer

Just add an if-Statement in the password check if-Statement in order to check only the rank when the password matches.

if(isset($_SESSION['userSession']))
{
    header("Location: home.php");
    exit;
}

if(isset($_POST['btn-login']))
{
    $email = $MySQLi_CON->real_escape_string(trim($_POST['user_email']));
    $upass = $MySQLi_CON->real_escape_string(trim($_POST['password']));
    $query = $MySQLi_CON->query("SELECT user_id, user_email, user_pass, user_rank FROM users WHERE user_email='$email'");
    $row = $query->fetch_array();

    if(password_verify($upass, $row['user_pass']))
    {
        if($row['user_rank'] == '2'){
            $_SESSION['userSession'] = $row['user_id'];
            header("Location: home.php");
        } else {
            echo "You need a higher rank";
        }
    }
    else
    {
        $msg = "<div class='alert alert-danger'>
                    <span class='glyphicon glyphicon-info-sign'></span> &nbsp; email or password does not exists!
                </div>";
    }

    $MySQLi_CON->close();
}
?>
Comments