I am busy on a login script but i am stuck at the moment with the php code "if" line.
I want to give the rank check a own message that the user isn't allowed because he hasn't the right rank for the admin login. At this moment it gives the message of wrong username or password.
My code:
<?php
session_start();
include_once 'dbconnect.php';
if(isset($_SESSION['userSession']))
{
header("Location: home.php");
exit;
}
if(isset($_POST['btn-login']))
{
$email = $MySQLi_CON->real_escape_string(trim($_POST['user_email']));
$upass = $MySQLi_CON->real_escape_string(trim($_POST['password']));
$query = $MySQLi_CON->query("SELECT user_id, user_email, user_pass, user_rank FROM users WHERE user_email='$email'");
$row=$query->fetch_array();
if(password_verify($upass, $row['user_pass']) && ($row['user_rank'] == '2'))
{
$_SESSION['userSession'] = $row['user_id'];
header("Location: home.php");
}
else
{
$msg = "<div class='alert alert-danger'>
<span class='glyphicon glyphicon-info-sign'></span> email or password does not exists!
</div>";
}
$MySQLi_CON->close();
}
?>
I am a little bit new with PHP still.