坚持等级检查消息的“if”[关闭]

I am busy on a login script but i am stuck at the moment with the php code "if" line.

I want to give the rank check a own message that the user isn't allowed because he hasn't the right rank for the admin login. At this moment it gives the message of wrong username or password.

My code:

<?php
session_start();
include_once 'dbconnect.php';

if(isset($_SESSION['userSession']))
{
header("Location: home.php");
exit;
}

if(isset($_POST['btn-login']))
{
$email = $MySQLi_CON->real_escape_string(trim($_POST['user_email']));
$upass = $MySQLi_CON->real_escape_string(trim($_POST['password']));

$query = $MySQLi_CON->query("SELECT user_id, user_email, user_pass, user_rank FROM users WHERE user_email='$email'");
$row=$query->fetch_array();
if(password_verify($upass, $row['user_pass']) && ($row['user_rank'] == '2'))
{
    $_SESSION['userSession'] = $row['user_id'];
    header("Location: home.php");
}
else
{
    $msg = "<div class='alert alert-danger'>
                <span class='glyphicon glyphicon-info-sign'></span> &nbsp; email or password does not exists!
            </div>";
}

$MySQLi_CON->close();

}
?>

I am a little bit new with PHP still.

Just add an if-Statement in the password check if-Statement in order to check only the rank when the password matches.

if(isset($_SESSION['userSession']))
{
    header("Location: home.php");
    exit;
}

if(isset($_POST['btn-login']))
{
    $email = $MySQLi_CON->real_escape_string(trim($_POST['user_email']));
    $upass = $MySQLi_CON->real_escape_string(trim($_POST['password']));
    $query = $MySQLi_CON->query("SELECT user_id, user_email, user_pass, user_rank FROM users WHERE user_email='$email'");
    $row = $query->fetch_array();

    if(password_verify($upass, $row['user_pass']))
    {
        if($row['user_rank'] == '2'){
            $_SESSION['userSession'] = $row['user_id'];
            header("Location: home.php");
        } else {
            echo "You need a higher rank";
        }
    }
    else
    {
        $msg = "<div class='alert alert-danger'>
                    <span class='glyphicon glyphicon-info-sign'></span> &nbsp; email or password does not exists!
                </div>";
    }

    $MySQLi_CON->close();
}
?>

Just add an else if stage. You can have as many of those as you want, just don't go overboard.

if(password_verify(...)) {
   ...
} else if ($rank != 2) {
   ... wrong rank 
} else if (...) {
   ...
} else {
   ...
}